Here's a summary of the issue with the inetpub folder in Windows 11, and a temporary fix as suggested by the article:
Source: Make Tech Easier Article
Source: Make Tech Easier https://www.maketecheasier.com/wind...9AF6BAgKEAI&usg=AOvVaw2FaZ488ThznMyPhb4uKJAW/
Why is the Inetpub Folder Vulnerable?
- Starting with the April 2025 Windows 11 update, a new empty
inetpubfolder is created on every system's C drive as a workaround for a prior Windows Update vulnerability. - This new setup allows anyone with local access (even non-admins) to replace the
inetpubfolder with a directory junction using a command like:
mklink /J C:\inetpub C:\Windows\System32\notepad.exe - If abused, this causes Windows Update to malfunction or fail, making it a potential avenue for Denial of Service (DoS) attacks.
- The Windows Servicing Stack trusts
C:\inetpuband doesn't check for reparse points or ownership, so it could be tricked via this hack.
Temporary Fix Recommended:
You can secure your system until Microsoft issues a patch by restricting permissions on theinetpub folder:Steps:
- Right-click
C:\inetpub> Properties > Security tab > Advanced. - Click "Disable inheritance" and then select "Remove all inherited permissions from this object."
- Click "Add" > "Select a principal". Type
SYSTEM, click "Check Names", then "OK". Give it Full control. - Repeat for
NT SERVICE\TrustedInstaller, again granting Full control. - Click OK on all dialogs to save changes.
- This prevents any user (including admins, except for SYSTEM and TrustedInstaller) from modifying the folder, effectively blocking the main method of exploitation.
- If you need to revert, go back to Advanced Security Settings, click "Enable inheritance," and remove the custom SYSTEM/TrustedInstaller permissions.
Source: Make Tech Easier Article
Source: Make Tech Easier https://www.maketecheasier.com/wind...9AF6BAgKEAI&usg=AOvVaw2FaZ488ThznMyPhb4uKJAW/
Last edited:
