Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/wdormann/statuses/114314094283907503">Will Dormann (wdormann@infosec.exchange)'s status on Friday, 11-Apr-2025 00:39:03 JST</a><a href="https://infosec.exchange/@wdormann" title="wdormann@infosec.exchange"><img src="https://gnusocial.jp/avatar/232810-48-20240116185707.webp" width="48" height="48" alt="Will Dormann" style="position: absolute; left: 0; top: 0;">Will Dormann</a><div><a href="https://cyberplace.social/@GossiTheDog/114312675754733427" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/106016" title="jernej__s@infosec.exchange">Jernej Simončič �</a></li></ul></div></section><article><p><a href="https://cyberplace.social/@GossiTheDog" rel="nofollow">@GossiTheDog</a> <a href="https://infosec.exchange/@jernej__s">@jernej__s</a> <br>Yeah, so this is interesting. I was skeptical, but I can confirm that <a href="https://support.microsoft.com/en-us/topic/kb5057589-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-april-8-2025-74bc2baa-4ac6-40d0-8dde-4a8462b8f7e7" rel="nofollow">KB5057589</a> (which installs <a href="https://support.microsoft.com/en-us/topic/kb5055674-safe-os-dynamic-update-for-windows-10-version-21h2-and-22h2-april-8-2025-bccc4714-2dca-4d07-be7b-1f38d9eb3e5b" rel="nofollow">KB5055674</a>) for Windows 10 will fail to install if there is a C:\inetpub directory present ahead of time, which a non-admin user can fulfill.</p><p>I wouldn't expect the update to be so fragile that the mere presence of a C:\inetpub directory prevents its installation. While KB5057589 is indeed listed as a "Security Update", I can find no information of what CVE(s) it fixes.  🤔</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4869453#notice-9546445">In conversation</a><time datetime="2025-04-11T00:39:03+09:00" title="Friday, 11-Apr-2025 00:39:03 JST">about 15 days ago</time> <span>from <span><a href="https://infosec.exchange/@wdormann/114314094283907503" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@wdormann/114314094283907503">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/4443785">windows 10 VM 
Pre-reboot for April 2025 updates
limited user has created c:\inetpub</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/314/084/290/005/673/original/1046fbf3d5631702.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/314/084/290/005/673/original/1046fbf3d5631702.png</a></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/4443786">Windows Update
Error encountered 0x80070643</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/314/084/912/020/799/original/ada09b9ca13f641b.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/314/084/912/020/799/original/ada09b9ca13f641b.png</a></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/4443787">KB5057589 failed to install 0x80070643</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/314/085/867/522/689/original/e8d5cf1eaac1fb90.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/314/085/867/522/689/original/e8d5cf1eaac1fb90.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Will Dormann (wdormann@infosec.exchange)'s status on Friday, 11-Apr-2025 00:39:03 JSTWill Dormann
in reply to
- Kevin Beaumont
- Jernej Simončič �
@GossiTheDog @jernej__s
Yeah, so this is interesting. I was skeptical, but I can confirm that KB5057589 (which installs KB5055674) for Windows 10 will fail to install if there is a C:\inetpub directory present ahead of time, which a non-admin user can fulfill.
I wouldn't expect the update to be so fragile that the mere presence of a C:\inetpub directory prevents its installation. While KB5057589 is indeed listed as a "Security Update", I can find no information of what CVE(s) it fixes. 🤔
In conversationabout 15 days ago from infosec.exchangepermalink
Attachments

Public

Embed Notice

HTML Code

Corresponding Notice