We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

servicing stack

New Security Warning After 1 Billion Windows Users Told Do Not Delete
Winsage
April 27, 2025

New Security Warning After 1 Billion Windows Users Told Do Not Delete

Microsoft's recent security update for Windows has raised concerns among users due to the introduction of a new vulnerability. The update, intended to address the CVE-2025-21204 vulnerability, inadvertently created a folder named inetpub, which Microsoft claims is essential for user protection. Security researcher Kevin Beaumont has warned that this update has introduced a denial of service vulnerability that allows non-admin users to halt future Windows security updates. Microsoft has classified the issue as moderate in severity and suggested that deleting the inetpub symlink and retrying the update may resolve the problem. The report has been forwarded to the Windows security team for potential further action.
Microsoft's Patch for Symlink Vulnerability Introduces New Windows Denial-of-Service Flaw
Winsage
April 25, 2025

Microsoft’s Patch for Symlink Vulnerability Introduces New Windows Denial-of-Service Flaw

In early April 2025, Microsoft addressed a security vulnerability (CVE-2025-21204) related to symbolic links in the Windows servicing stack, specifically affecting the c:inetpub directory used by Internet Information Services (IIS). The updates created the c:inetpub folder with appropriate permissions to mitigate risks. However, this fix introduced a new denial-of-service (DoS) vulnerability, allowing non-administrative users to create junction points on the c: drive, disrupting the Windows Update mechanism. A command such as "mklink /j c:inetpub c:windowssystem32notepad.exe" could be used to exploit this flaw, preventing systems from receiving future security patches. As of April 25, Microsoft had not released a patch or acknowledged the issue, leaving systems vulnerable and emphasizing the need for monitoring user permissions and manually removing suspicious symlinks.
Windows 11's mysterious ‘inetpub’ folder might be more dangerous than we thought
Winsage
April 24, 2025

Windows 11’s mysterious ‘inetpub’ folder might be more dangerous than we thought

Windows 11 users have been warned about a potential vulnerability associated with the inetpub folder, introduced in the April 2025 security update. Security researcher Kevin Beaumont raised concerns that hackers could exploit this folder to disable essential security updates by creating "junction points" within the system's directory. This could lead to installation errors or force a rollback to previous system states due to a denial of service (DoS) vulnerability in the Windows servicing stack. Microsoft stated that the inetpub folder is part of a security patch (CVE-2025-21204) and advised against deleting it, claiming that removal would not impact system performance.
Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE's Fixed
Winsage
February 12, 2025

Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE’s Fixed

Microsoft released its February 2025 Patch Tuesday security updates, addressing over 61 vulnerabilities across its products. The updates include: - 25 Remote Code Execution vulnerabilities - 14 Elevation of Privilege vulnerabilities - 6 Denial of Service vulnerabilities - 4 Security Feature Bypass vulnerabilities - 2 Spoofing vulnerabilities - 1 Information Disclosure vulnerability Notable critical vulnerabilities include: - CVE-2025-21376: Remote code execution risk via LDAP protocol. - CVE-2025-21379: Flaw in DHCP client service allowing system compromise via crafted network packets. - CVE-2025-21381, CVE-2025-21386, CVE-2025-21387: Multiple vulnerabilities in Microsoft Excel enabling code execution through specially crafted files. - CVE-2025-21406, CVE-2025-21407: Vulnerabilities in Windows Telephony Service allowing remote code execution. Two vulnerabilities confirmed as actively exploited: - CVE-2023-24932: Bypass of Secure Boot protections. - CVE-2025-21391: Elevated privileges on affected systems. - CVE-2025-21418: Gain SYSTEM privileges through exploitation. Other notable fixes include vulnerabilities in Visual Studio and Microsoft Office that could lead to remote code execution. Users can apply updates via Windows Update, Microsoft Update Catalog, or WSUS. Microsoft emphasizes the urgency of these updates due to the active exploitation of certain vulnerabilities.
Windows 11 (KB5048667, KB5048685) December 2024 Patch Tuesday out
Winsage
December 11, 2024

Windows 11 (KB5048667, KB5048685) December 2024 Patch Tuesday out

Microsoft has released Patch Tuesday updates for Windows 11, covering versions 24H2, 23H2, and 22H2. The updates include build versions 26100.2605 for 24H2 (KB5048667), 22631.4602 for 23H2, and 22621.4602 for 22H2 (KB5048685). The 24H2 update addresses security issues and incorporates enhancements from a previous update (KB5046740). The servicing stack update (KB5049685) improves the component responsible for installing updates. For 23H2, users are advised to use EKB KB5027397 for updates, which include all improvements from version 22H2. The 22H2 update includes enhancements from KB5046732 and also addresses security improvements. Known issues include Arm device users being unable to download and play Roblox via the Microsoft Store, with a workaround available through direct download from the Roblox website. Additionally, some users report issues with the OpenSSH service post-installation of the October 2024 security update, affecting enterprise and education customers, with Microsoft investigating. Updates will be available through Windows Update or can be downloaded from the Microsoft Catalog website.
Search