Microsoft, in its quest to fortify Windows 11 against cunning update-hijackers, has—ironically—gifted users with a shiny new security headache in the form of the C:\inetpub folder. If you’re scratching your head, don’t worry; so is half the Windows community. Once an arcane haunt for web server files, inetpub has returned not as a hero, but as a potential villain in the latest Windows 11 update.
The story begins with good intentions: Microsoft aimed to prevent a previous exploit where attackers abused a missing inetpub directory to sneakily plant symlinks and manipulate the Windows Update stack. Now, every Windows 11 system dutifully creates an empty inetpub folder—because what says “security” like forcibly making a home for it on every C drive?
But as security researcher Kevin Beaumont revealed, this band-aid is peeling at the edges. Any local user, without the need for admin rights or even a fancy hacker hoodie, can swap the folder for a directory junction using a single command. The result? Windows Update is lured down a rabbit hole, misguidedly targeting, say, Notepad.exe instead of the intended folder. Abracadabra—the update fails, the rollback ensues, and the attacker cackles in the distance.
You don’t need elite hacking skills for this trick. Anyone with access to the PC, and the audacity to google “mklink,” can exploit this. If this sounds suspiciously low-effort… well, it is.
It’s a simple process, and here’s the gist:
The strength here is that, with a quick round of permissions jiu-jitsu, you can shut down this hack without heavy lifting. The downside? Another manual fix to remember, another folder on the “do not touch” list, and yet another sign that Windows security sometimes prefers whack-a-mole to true lockdown.
Source: Make Tech Easier Windows 11's New Inetpub Folder is Hackable. Try This Temporary Fix - Make Tech Easier
How Did We Get Here?
The story begins with good intentions: Microsoft aimed to prevent a previous exploit where attackers abused a missing inetpub directory to sneakily plant symlinks and manipulate the Windows Update stack. Now, every Windows 11 system dutifully creates an empty inetpub folder—because what says “security” like forcibly making a home for it on every C drive?But as security researcher Kevin Beaumont revealed, this band-aid is peeling at the edges. Any local user, without the need for admin rights or even a fancy hacker hoodie, can swap the folder for a directory junction using a single command. The result? Windows Update is lured down a rabbit hole, misguidedly targeting, say, Notepad.exe instead of the intended folder. Abracadabra—the update fails, the rollback ensues, and the attacker cackles in the distance.
The Under-the-Hood Comedy of Errors
The root of the problem is classic Windows: the servicing stack, running as the all-powerful SYSTEM, regards inetpub as a sacred site, blithely unaware if it’s been replaced with a trapdoor or haunted by junctions. It naively assumes the folder is safe for staging critical files, ignoring those pesky reparse points and oversight on who actually modified the contents. The result is like trusting your open mailbox to a neighborhood prankster.You don’t need elite hacking skills for this trick. Anyone with access to the PC, and the audacity to google “mklink,” can exploit this. If this sounds suspiciously low-effort… well, it is.
Until Microsoft Fixes It: A DIY Defense
Predictably, Microsoft’s response so far has been a contemplative silence. But Windows power users aren’t waiting around for an official patch when there’s group policy magic to wield. The best mitigation right now? Strip away all user write and delete permissions on the inetpub folder—but keep the SYSTEM and TrustedInstaller accounts happy, or you’ll break legitimate update operations.It’s a simple process, and here’s the gist:
- Right-click inetpub in C:\, go to Properties.
- Open the Security tab, hit Advanced.
- Disable inheritance, and remove all inherited permissions.
- Add back SYSTEM (Full control) and NT SERVICE\TrustedInstaller (Full control).
- Exit out. Now, even admins are locked out, and Windows Update can keep doing its thing.
Critique: A Symptom of Bigger Windows Woes?
While this fix should be a decent stopgap for average users, it shines a light on a recurring issue with Windows security philosophy: patching symptoms without squashing the root cause. Microsoft’s steadfast silence only amplifies the uncertainty. A clever attacker still needs local access, but given the increasing blend of work-from-home and shared PCs, that’s a lower bar than we’d like.The strength here is that, with a quick round of permissions jiu-jitsu, you can shut down this hack without heavy lifting. The downside? Another manual fix to remember, another folder on the “do not touch” list, and yet another sign that Windows security sometimes prefers whack-a-mole to true lockdown.
The Bottom Line
If the irony of a security patch introducing a new exploit makes you groan, just remember: in the world of Windows, the only thing more persistent than updates are the creative ways they can go awry. Until Redmond delivers the real cure, a few clicks in the Security tab might save your next update from a bizarre side quest through Notepad.exe. Routine vigilance is the new normal—just don’t lose your sense of humor along the way.Source: Make Tech Easier Windows 11's New Inetpub Folder is Hackable. Try This Temporary Fix - Make Tech Easier
