Summary: A recent Windows security update has unintentionally introduced a vulnerability related to the newly created ‘inetpub’ folder that can be exploited to block future updates. Cybersecurity expert Kevin Beaumont demonstrated that non-admin users can create a junction to this folder that prevents Windows updates from installing correctly, resulting in an error. Microsoft has acknowledged this issue, classifying it as a medium severity, yet the flaw remains unaddressed for now.
Affected: Microsoft Windows Operating System
Keypoints :
- The ‘inetpub’ folder was created as part of a fix for a Windows Process Activation elevation of privilege vulnerability (CVE-2025-21204).
- Creating a junction at C:inetpub to a file like notepad.exe leads to installation failures of future Windows updates.
- Microsoft has assigned a “Medium” severity to this bug but stated it does not require an immediate fix.