Security Patch Archives

Winsage

April 30, 2025

A mysterious new Windows 11 folder appeared – and now there’s a new exploit

Windows 11 users encountered the "inetpub" folder after the April 2023 update (KB5055523), which is a crucial component for addressing the security vulnerability CVE-2025-21204. Microsoft stated that the folder should not be removed, as it helps manage Windows Update security vulnerabilities by preventing unauthorized control through symbolic links. However, cybersecurity expert Kevin Beaumont revealed that the same patch introduced a new vulnerability that could allow remote exploitation, prompting Microsoft to acknowledge this issue with a "Moderate" status and indicate that a fix is forthcoming. Users are advised to keep their systems updated and not delete the "inetpub" folder. If the folder is deleted, it can be restored by enabling Internet Information Services in the Control Panel.

Winsage

April 29, 2025

Microsoft Confirms $1.50 Windows Security Update Fee Starts July 1

Microsoft has introduced a subscription model for no-reboot security "hotpatch" updates, which will be available for Windows 11 Enterprise, version 24H2, and Windows Server 2025. Users must operate on Windows Server 2025 Standard or Datacenter, connected to Azure Arc, to access these updates. Starting July 1, 2025, there will be a charge of [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: In the realm of operating systems, security updates are paramount, especially when they pertain to software utilized by billions globally. However, Microsoft has recently found itself in a challenging spotlight following a controversial Windows security patch that inadvertently introduced a mysterious folder, sparking a wave of confusion and concern among users. Social media commentators hastily advised users to delete this folder, only for Microsoft to counter with a warning that such actions could leave systems vulnerable to attacks. This incident has now unveiled a broader issue within the Windows security update framework, particularly surrounding the introduction of a subscription model for no-reboot security “hotpatch” updates. What Is Windows Hotpatching, And Who Needs To Pay The .50 A Month Fee? As previously reported, Microsoft is advancing towards a system where hotpatching will eliminate the need for users to reboot their Windows systems after a security update. This innovative feature allows security fixes to be downloaded and installed seamlessly in the background, integrating directly into the in-memory code of processes that are already running. Initially, this functionality is set to be available for a specific segment of users: those operating Windows 11 Enterprise, version 24H2, on x64 (AMD/Intel) CPU devices managed through Microsoft Intune. Recent confirmations from Janine Patrick, Windows Server product marketing manager, and Artem Pronichkin, a senior program manager at Microsoft, indicate that the hotpatching system for Windows Server 2025, which has been in preview since 2024, will transition to a subscription-only model starting July 1. To utilize the no-reboot hotpatch security updates, users must operate on “Windows Server 2025 Standard or Datacenter,” with an essential requirement of being connected to Azure Arc. The noteworthy and contentious aspect of this announcement is the introduction of a subscription fee for the Hotpatch service. While hotpatching has long been available for Windows Server Datacenter: Azure Edition at no cost, users of Windows Server 2025 will incur a charge of .50 per CPU core each month for these security updates. Microsoft emphasizes that while hotpatching will significantly reduce the frequency of required reboots—approximately four times a year for baseline updates—this new approach aims to alleviate the traditional inconveniences associated with Patch Tuesday." max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].50 per CPU core each month for the hotpatch service, which aims to reduce the frequency of required reboots to approximately four times a year for baseline updates.

Winsage

April 24, 2025

Microsoft security patch opens up new security vulnerability

Microsoft's recent update aimed at fixing a security vulnerability (CVE-2025-2104) has unintentionally created an "inetpub" folder on the system drive of Windows operating systems. This folder's creation has raised concerns among IT security researchers, particularly Kevin Beaumont, who warns that it could lead to issues with Windows updates. Users can create junctions that redirect to the "inetpub" folder, potentially causing failures in installing updates and leaving systems vulnerable. Microsoft has stated that the "inetpub" folder should not be deleted and that its presence is part of security enhancements.

Winsage

April 24, 2025

Windows 11’s mysterious ‘inetpub’ folder might be more dangerous than we thought

Windows 11 users have been warned about a potential vulnerability associated with the inetpub folder, introduced in the April 2025 security update. Security researcher Kevin Beaumont raised concerns that hackers could exploit this folder to disable essential security updates by creating "junction points" within the system's directory. This could lead to installation errors or force a rollback to previous system states due to a denial of service (DoS) vulnerability in the Windows servicing stack. Microsoft stated that the inetpub folder is part of a security patch (CVE-2025-21204) and advised against deleting it, claiming that removal would not impact system performance.

Winsage

April 23, 2025

Microsoft just broke another essential Start menu feature on Windows 10, and we aren’t even surprised

Microsoft's Windows 10 update KB5055518 has disrupted the Jump Lists feature in the Start menu, which allows users to access recently opened files by right-clicking app icons. Users report that Jump Lists were functioning properly before the update, and the feature remains enabled in system settings. However, the "Recent" header in Jump Lists is missing. While Jump Lists still work for pinned applications on the taskbar, the disruption in the Start menu is significant. This change follows a pattern of Microsoft removing features from Windows 10, potentially to encourage users to upgrade to Windows 11, especially as support for Windows 10 is nearing its end.

Winsage

April 17, 2025

Hackers Exploiting NTLM Spoofing Vulnerability in Wild to Compromise Systems

Cybercriminals are exploiting a vulnerability in Windows systems known as CVE-2025-24054, which involves NTLM hash disclosure through spoofing techniques. This flaw allows attackers to leak NTLM hashes, leading to privilege escalation and lateral movement within networks. It is triggered when a user extracts a ZIP archive containing a malicious .library-ms file, causing Windows Explorer to initiate SMB authentication requests that expose NTLMv2-SSP hashes. Exploitation of this vulnerability began shortly after a security patch was released on March 11, 2025, with campaigns targeting government and private institutions in Poland and Romania. These campaigns utilized spear-phishing emails containing malicious ZIP archives, which, when interacted with, leaked NTLM hashes. The malicious files included various types designed to initiate SMB connections to attacker-controlled servers, allowing for pass-the-hash attacks and privilege escalation. The stolen hashes were sent to servers in several countries, indicating potential links to state-sponsored groups. One campaign involved Dropbox links that exploited the vulnerability upon user interaction. Microsoft has recommended immediate patching, enhancing network defenses, user education, network segmentation, and regular security audits to mitigate risks associated with this vulnerability.

Winsage

April 16, 2025

Don’t Delete This Empty Folder on Windows 11

The "inetpub" folder, which appeared after the latest Patch Tuesday update on Windows 11, is part of a security enhancement addressing the CVE-2025-21204 vulnerability that could allow attackers to modify system files. Users are advised not to delete this folder, as it contributes to increased protection. If deleted, it can be restored by navigating to Control Panel > Programs > Programs and Features, selecting "Turn Windows features on or off," checking the box next to Internet Information Services, and clicking OK. This process recreates the folder with the same security protections.

AppWizard

April 15, 2025

Android 12 and 12L have received their last official Google security update

Google has officially ended support for Android 12 and Android 12L, with the last security patch released in March 2025. As of March 31, 2025, these operating systems will no longer receive updates or security enhancements. Over 12% of Android devices globally are still using Android 12 or 12L. OEMs may choose to backport security releases, and users can switch to custom ROMs for continued updates. Popular devices still running these operating systems include the Samsung Galaxy S10 series, Google Pixel 3a series, and OnePlus 7 series.

AppWizard

April 15, 2025

Google rolls out an auto-reboot feature for Android phones to safeguard data

Google has released an update to its April Play Services and Store changelog, introducing an automatic reboot function for Android phones that have been locked for three consecutive days to enhance data encryption. The initial batch of April updates included battery life improvements and a security patch for Pixel devices. The update also features optimizations for device connectivity and a minor enhancement to the "Ask a question" feature in the Play Store. Additionally, the April update includes the 2025 security update for Pixel devices, addressing camera issues and screen dimming problems reported by users of the Pixel 6 and 7 series. The Pixel 9 Pro XL has been introduced, featuring a 6.8-inch display and a commitment to seven years of updates.

Winsage

April 15, 2025

Microsoft Warns Millions Of Windows Users—Do Not Update Your PC

Microsoft's April updates have led to user concerns, including the appearance of an empty folder named “inetpub,” which is linked to a security patch for vulnerability CVE-2025-21204. Users are also facing error code 0x80070643 during the installation of the Windows Recovery Environment (WinRE) update, which may give the impression of a failed update, but Microsoft states that the update is usually applied successfully after a restart. Some users have reported issues with partition size on the Recovery disk, even with sufficient storage available. Microsoft advises users not to delete the “inetpub” folder and to refrain from further updates immediately after applying the April updates, suggesting that a restart may resolve issues. Additionally, Microsoft emphasizes the importance of upgrading from Windows 10 before its end of support on October 14, 2025.