New Security Warning After 1 Billion Windows Users Told Do Not Delete

That mystery Windows security update could block new security updates.
As if users of the world's most popular, although I use that term with some caution, operating system don't have enough security issues to worry about, Microsoft appears to have introduced one of its own making. With dangerous infostealer malware on the hunt for Windows passwords and 2FA code bypassing cookies and a record number of vulnerabilities reported, the last thing a billion Windows users want to hear is that an update meant to solve security issues could have introduced a new one of its own.
As regular readers will know, I'm something of an advocate, almost evangelical in fact, when it comes to security updates. Whether it is the latest Google Chrome browser emergency update, or the monthly Patch Tuesday rollout of fixes, often relating to zero-day vulnerabilities are actively being exploited, impacting Windows users, my advice is always the same: update now. Sometimes, however, the early bird that gets the worm discovers it's a rotten one. Who can forget the recent security update that killed Microsoft's Windows Hello security feature, for example. Or, even more recently, the disastrous April 8 update to protect against the CVE-2025-21204 vulnerability that installed a mysterious folder, and got everyone's collective conspiracy theory panties in a bunch.
Microsoft had to issue a notice explaining that the folder was critical protection against being attacked by threat actors exploiting the vulnerability in question and, unlike the advice spreading across social media platforms, not to delete it under any circumstances. That folder was called inetpub and it's at the heart of this latest warning, from a highly respected security researcher who used to work for Microsoft itself.
'I've discovered this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates,' the researcher, Kevin Beaumont, said.
I have reached out to Microsoft for a statement, but in the meantime this is some of the response that was sent to Beaumont after he contacted Microsoft about the issue: 'After careful investigation, this case is currently rated as a Moderate severity issue. It does not meet MSRCs current bar for immediate servicing as the update fails to apply only if the 'inetpub' folder is a junction to a file and succeeds upon deleting the inetpub symlink and retrying.'
Microsoft told Beaumont that it had shared the report with the relevant Windows security team, which would consider a potential fix, but for now, the case was closed.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Miami Herald

an hour ago

• Miami Herald

European leaders seek ‘digital sovereignty' over tech infrastructure

June 21 (UPI) -- Leaders of many European nations say they need to do more to develop technological infrastructure to ensure digital sovereignty instead of relying on services from global tech firms. A recent forum discussion on the market dominance of global corporations assessed the "blurring of the boundaries between economic and political control" among European nations by tech firms. A consensus of attendees at the ongoing Berlin Summit 2025 agreed European nations need to coordinate their efforts to develop infrastructures to "avoid path dependencies and long-term dependence on global platform players," Forum New Economy reported on Friday. "European countries are highly dependent on companies from the USA and China in a variety of technological infrastructures, from cloud services and social media to generative artificial intelligence," Forum New Economy reported. Such companies dominate European markets and are increasing their control of digital infrastructures, innovation networks, supply chains, data flows and research agendas. An example is Microsoft earlier this year suspending the business email account for International Criminal Court prosecutor Karim Khan. The action occurred within months of the ICC issuing a warrant for the arrest of Israeli Prime Minister Benjamin Netanyahu. Although the tech firm suspended Khan's ICC email account, Microsoft officials said it still is providing services for the ICC. The company also announced their intent to support the digital sovereignty of European nations. "We've operated in Europe for more than 40 years, and we have been and always will be a steadfast partner to Europe," Microsoft Chairman and Chief Executive Officer Satya Nadella said in a social media post on Friday. Microsoft is supporting European sovereignty and that of its respective nations with several existing and new tech offerings, Nadella said. The services include Microsoft Sovereign Cloud, Data Guardian, External Key Management and Sovereign Private Cloud. The existing and new offerings "bring digital sovereignty to all European organizations" and"unlock new sovereign ways to run private sovereign clouds," Nadella said. "These new offerings build on decades of pioneering work in sovereign cloud solutions by ourselves and to our partners," he added. Copyright 2025 UPI News Corporation. All Rights Reserved.

Yahoo

an hour ago

• Yahoo

Growth Investors: Industry Analysts Just Upgraded Their Core Lithium Ltd (ASX:CXO) Revenue Forecasts By 13%

Core Lithium Ltd (ASX:CXO) shareholders will have a reason to smile today, with the analysts making substantial upgrades to this year's statutory forecasts. The analysts have sharply increased their revenue numbers, with a view that Core Lithium will make substantially more sales than they'd previously expected. AI is about to change healthcare. These 20 stocks are working on everything from early diagnostics to drug discovery. The best part - they are all under $10bn in marketcap - there is still time to get in early. Following the upgrade, the consensus from four analysts covering Core Lithium is for revenues of AU$675k in 2025, implying a disturbing 99% decline in sales compared to the last 12 months. Prior to the latest estimates, the analysts were forecasting revenues of AU$595k in 2025. It looks like there's been a clear increase in optimism around Core Lithium, given the solid increase in revenue forecasts. See our latest analysis for Core Lithium These estimates are interesting, but it can be useful to paint some more broad strokes when seeing how forecasts compare, both to the Core Lithium's past performance and to peers in the same industry. These estimates imply that sales are expected to slow, with a forecast annualised revenue decline of 99% by the end of 2025. This indicates a significant reduction from annual growth of 75% over the last five years. By contrast, our data suggests that other companies (with analyst coverage) in the same industry are forecast to see their revenue grow 6.5% annually for the foreseeable future. So although its revenues are forecast to shrink, this cloud does not come with a silver lining - Core Lithium is expected to lag the wider industry. The most important thing to take away from this upgrade is that analysts lifted their revenue estimates for this year. They also expect company revenue to perform worse than the wider market. Seeing the dramatic upgrade to this year's forecasts, it might be time to take another look at Core Lithium. Analysts are definitely bullish on Core Lithium, but no company is perfect. Indeed, you should know that there are several potential concerns to be aware of, including a short cash runway. For more information, you can click through to our platform to learn more about this and the 2 other risks we've identified . Of course, seeing company management invest large sums of money in a stock can be just as useful as knowing whether analysts are upgrading their estimates. So you may also wish to search this free list of stocks with high insider ownership. Have feedback on this article? Concerned about the content? Get in touch with us directly. Alternatively, email editorial-team (at) article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned.

UPI

2 hours ago

• UPI

European leaders seek 'digital sovereignty' over tech infrastructure

1 of 3 | Jensen Huang, founder and chief executive officer of NVIDIA, unveils the latest RTX 5070 laptop processors on stage during the 2025 International CES at the Mandalay Bay Resort and Casino in Las Vegas on January 6. File Photo by James Atoa/UPI | License Photo June 21 (UPI) -- Leaders of many European nations say they need to do more to develop technological infrastructure to ensure digital sovereignty instead of relying on services from global tech firms. A recent forum discussion on the market dominance of global corporations assessed the "blurring of the boundaries between economic and political control" among European nations by tech firms. A consensus of attendees at the ongoing Berlin Summit 2025 agreed European nations need to coordinate their efforts to develop infrastructures to "avoid path dependencies and long-term dependence on global platform players," Forum New Economy reported on Friday. "European countries are highly dependent on companies from the USA and China in a variety of technological infrastructures, from cloud services and social media to generative artificial intelligence," Forum New Economy reported. Such companies dominate European markets and are increasing their control of digital infrastructures, innovation networks, supply chains, data flows and research agendas. An example is Microsoft earlier this year suspending the business email account for International Criminal Court prosecutor Karim Khan. The action occurred within months of the ICC issuing a warrant for the arrest of Israeli Prime Minister Benjamin Netanyahu. Although the tech firm suspended Khan's ICC email account, Microsoft officials said it still is providing services for the ICC. The company also announced their intent to support the digital sovereignty of European nations. "We've operated in Europe for more than 40 years, and we have been and always will be a steadfast partner to Europe," Microsoft Chairman and Chief Executive Officer Satya Nadella said in a social media post on Friday. Microsoft is supporting European sovereignty and that of its respective nations with several existing and new tech offerings, Nadella said. The services include Microsoft Sovereign Cloud, Data Guardian, External Key Management and Sovereign Private Cloud. The existing and new offerings "bring digital sovereignty to all European organizations" and"unlock new sovereign ways to run private sovereign clouds," Nadella said. "These new offerings build on decades of pioneering work in sovereign cloud solutions by ourselves and to our partners," he added.