Windows “inetpub” security fix can be abused to block future updates

SWEET! An official way to block Windows Updates.  Although I still will be using WUB, this will be a handy tool for sure.  Thanks, Microsoft!

“After installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device,” confirmed Microsoft. “This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users.”

However, cybersecurity expert Kevin Beaumont has demonstrated that this folder can be abused to prevent further Windows updates from being installed if it is created a certain way.

“I’ve discovered this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates,” says Kevin Beaumont.

In a new report, Beaumont says that Windows users, even those without administrative privileges, can create a junction between C:\inetpub and a Windows file, like C:\windows\system32\notepad.exe, using the following command.

mklink /j c:\inetpub c:\windows\system32\notepad.exe

A Windows junction is a special type of folder that redirects access to another folder on the same or another drive, making it appear as though the content exists in both locations.

When asked why this junction is preventing the update from being installed, Beaumont says he believes it’s because the update expects a folder rather than a file.

“It works with basically any file, I think it’s because the servicing stack expects c:\inetpub to be a directory – but mklink allows you to make a junction to a file,” Beaumont told BleepingComputer.
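For administrators who want to check whether a machine is in the state described above, the following PowerShell audit is an added example (not part of the quoted article or Beaumont's report). The function name Test-InetpubFolder and its status labels are made up for this illustration; it only reads the item's attributes and changes nothing.

```powershell
# Added example: report whether %SystemDrive%\inetpub is a plain directory,
# a reparse point (junction or symlink), a file, or missing.
function Test-InetpubFolder {
    param(
        # Default follows the %systemdrive%\inetpub location quoted from Microsoft.
        [string]$Path = (Join-Path $env:SystemDrive 'inetpub')
    )

    # -Force returns hidden/system items; Get-Item inspects the link itself, not its target.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Path = $Path; Status = 'MissingOrUnreadable'
                                  LinkType = $null; Target = $null; Owner = $null }
    }

    $isReparse = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
    $isDir     = [bool]($item.Attributes -band [IO.FileAttributes]::Directory)
    $status    = if ($isReparse) { 'ReparsePoint' } elseif ($isDir) { 'Directory' } else { 'File' }

    # Reading the owner can fail when the link target is not a directory; record that instead.
    $owner = try { (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner }
             catch { 'unavailable: ' + $_.Exception.Message }

    [pscustomobject]@{
        Path     = $Path
        Status   = $status
        LinkType = $item.LinkType               # 'Junction' or 'SymbolicLink' for links
        Target   = ($item.Target -join ';')     # where the link points, if it is one
        Owner    = $owner                       # who created or owns the item
    }
}

$result = Test-InetpubFolder
$result | Format-List
if ($result.Status -ne 'Directory') {
    Write-Warning "$($result.Path) is not a plain directory (status: $($result.Status)); review it before the next update cycle."
}
```

A result of ReparsePoint with a Target that is a file matches the condition Beaumont describes; the Owner field helps identify which account created it.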

Source: Windows “inetpub” security fix can be abused to block future updates
