Cybersecurity

6987 readers

215 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

Microsoft: Windows 'inetpub' folder created by security fix, don’t delete (www.bleepingcomputer.com)

submitted 3 days ago by neme@lemm.ee to c/cybersecurity@sh.itjust.works

22 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] CameronDev@programming.dev 11 points 3 days ago* (last edited 3 days ago) (2 children)

Or worse, (tinfoil hat on), they are planning on installing and abusing iis on everyone's PC. Ad delivery?

I don't see how this can be a security risk, I really want more details.

Cve: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204

[–] besselj@lemmy.ca 14 points 3 days ago (1 children)

Another possible explanation from Hanlon's razor: MS is going all-in on vibe coding

[–] CameronDev@programming.dev 5 points 2 days ago

Thats not better :(

[–] adarza@lemmy.ca 5 points 3 days ago (1 children)

it's nothing 'new'. i have encountered empty inetpub folders frequently, on systems with no business having it in the first place.. for years now.

[–] CameronDev@programming.dev 4 points 2 days ago* (last edited 2 days ago) (1 children)

I wonder if they were infected with something that was exploiting that CVE?

Edit: Here is another tinfoil theory: the windows security subsystems special cases inetpub to allow all executables. If the path doesn't exist, attackers can drop binaries in there to bypass security/codesigning etc. By creating it as SYSTEM, MS is ensuring that it can't be written to without SYSTEM privs?

[–] sylver_dragon@lemmy.world 3 points 2 days ago

Edit: Here is another tinfoil theory: the windows security subsystems special cases inetpub to allow all executables. If the path doesn’t exist, attackers can drop binaries in there to bypass security/codesigning etc. By creating it as SYSTEM, MS is ensuring that it can’t be written to without SYSTEM privs?

Ya, I'd bet on something similar. According to the CVE, the vulnerability is around "Improper link resolution before file access". My bet is that there is something hardcoded somewhere which assumes the existence of this folder. If it doesn't exist, this can let the attacker get something in place which then gets executed with SYSTEM permissions, leading to privilege escalation. Not the worst thing in the world, for most users. But, it would be a problem in an enterprise environment where part of the security model is users not having local admin.