back to article Microsoft mystery folder fix might need a fix of its own

Turns out Microsoft's latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates. The folder, typically c:\inetpub, reappeared on Windows systems in April as part of Microsoft's …

  1. anthonyhegedus Silver badge

    Quality control - yes we’ve heard of it

    Instead of using resources in areas like advertising, advertising, advertising and tracking, perhaps they could invest some money in quality control at Microsoft. While they’re at it, perhaps they could a tually do some consumer research and find out what people need from a modern OS.

    This is just abuse. They have the money, they just want more of it. They created this monster, and because of their policies, we have ridiculous situations like hundreds of millions computers going to landfill this year.

    It’s happening on their watch. It’s protectionism by any other name.

    1. Nate Amsden

      Re: Quality control - yes we’ve heard of it

      doubtful so many computers will go to landfill immediately following win10's expiration(non LTSC). Many will just continue to use their OS without new patches for a while. Most software will continue to get updates and probably the most important of which is the browser. Chrome stopped supporting win7 about 3 years past EOL. I think firefox supported Win7 through Firefox ESR for at least another year so 4 years past EOL. Steam stopped Win7 early 2024 looks like it. I suspect Win10 will have an extended life much like Win7 did. I know some more resourceful folks got extra updates out of Win7 by changing to embedded license or something (I never tried that).

      While not used for anything too serious I still have at least 4 or 5 systems at home that run Win7, and yes I do do internet things on them occasionally. Most of the time they are off as I don't need them often. I actually bought licenses for Bitdefender earlier this year to install on a couple of Win7 systems for retro gaming(mainly paranoid about "no CD/DVD" cracks of games I own, also used virustotal to scan those).

      my main daily driver system of course is Linux and has been since 1998.

      1. anthonyhegedus Silver badge

        Re: Quality control - yes we’ve heard of it

        This is probably true of “home” users - both tech-savvy (because they know how to protect themselves somewhat) and non-techy (because they just don’t know). But in business, particularly small businesses, where a security breach could mean bankruptcy, many business owners will want to err on the side of caution. Larger organisations will certainly not want to take the risk, at least not with very careful consideration.

        Small business owners don't want to be bothered with technical risk if they can avoid it.

        But in any case, if we follow Microsoft's line, that would be to replace all non-upgradeable computers this October. They are encouraging this absolute waste, through greed. They could decide to keep support for all Windows 10 installations, but they don't want that work eating into their bottom line.

        If they just waited 5 to 10 more years, those computers would naturally expire anyway.

        Two things stand out to me:

        1. If they're keeping the LTSC version updated anyway, is it really that much more work (if any) just to keep regular Windows 10 installations updated too? I mean they're writing the software, aren't they?

        2. Their insistence that computers can be upgraded is disingenuous at best. Even the message from the readiness tool says that your computer is not compatible with Windows 11 *at the moment*. That sort of implies that it's possible to upgrade the hardware. In most cases, this is impractical. Sure, just upgrade the CPU in your old laptop, easy! Yes, some can be upgraded of course.

        The facts of the matter are that they will be prepping the updates anyway, and they're really pushing for people to get a new computer (and making it feel like it's their decision, because it's just too much hassle to upgrade the hardware). It's bullying basically.

        The article is about Microsoft's ineptitude in fixing bugs. My point is that they have the resources to make a damn good quality control system. But that's never been at the heart of what they do, has it?

        1. DCdave

          Re: Quality control - yes we’ve heard of it

          [quote]

          1. If they're keeping the LTSC version updated anyway, is it really that much more work (if any) just to keep regular Windows 10 installations updated too? I mean they're writing the software, aren't they?

          [/quote]

          Yes and no. Windows 10 general availability is 22H2, Windows 10 LTSC is 21H2. Admittedly that is the same code base as Server 2022, but of course one is a client OS and the other a server OS.

        2. MisterHappy

          Re: Quality control - yes we’ve heard of it

          TBH Windows 10 EOL is also Windows 10 Extended Support day.

          "Yes you can keep Windows 10 for up to 3 years, just pay the monthly fee per computer"... Same as Windows 7, Server 2012R2 & probably Server 2016 in a year or so.

          Small businesses may decide it's easier & possibly cheaper to scrap and replace but larger organisations will sign up for the extended support.

          1. Doctor Syntax Silver badge

            Re: Quality control - yes we’ve heard of it

            If the cost of extending support is cheaper than replacing, expect them to sign up, especially if they're inthe US & are now going to be caned over tariffs.

          2. trindflo Silver badge

            Or use a third party to supply the patches without the latest new security holes

            There is a solution cheaper than Microsoft's to keep Windows 10 running securely

            0patch pcworld article

        3. Terry 6 Silver badge

          Re: Quality control - yes we’ve heard of it

          Small business owners don't want to be bothered with technical risk if they can avoid it.

          The ones I know don't want to be bothered with computers at all and will keep using the same one until it melts into a puddle.

        4. veti Silver badge

          Re: Quality control - yes we’ve heard of it

          No matter how long you extend the lifetime, people will still moan about having their hardware deprecated. Remember WinXP?

          Windows 11 has been available for four years now. Anyone who bought a new computer since then, if it's still running W10, they have only themselves to thank (or blame) for that. US accounting standards say that the expected lifespan of a working computer is five years, so I would say MS really should support Win 10 at least a bit longer, but "5 to 10 years" is unreasonable.

          1. Alumoi Silver badge

            Re: Quality control - yes we’ve heard of it

            The expected lifespan of a working computer is until you can't get spare parts for it.

            The software, on the other hand, is at the mercy of the creator. He either makes a good, working program or he works for Microsoft and all the rest (forced upgrades for the sake of upgrading, artificial limits on hardware and so on).

            Thank $deity for Linus and the people who like to write software and donate their work to the public.

            1. eionmac

              Re: Quality control - yes we’ve heard of it

              We thank Linus daily, for a system that works; without problems.

            2. Terry 6 Silver badge

              Re: Quality control - yes we’ve heard of it

              Yes and no. And I do contribute money towards "free" software I use. But reality is that FOSS is subject the interest, preference and availability of the developer(s). If they want a programme to work or look a certain way, then that's how it's going to be, no matter if it makes no sense to users, or how many polite request they get from users to vary that. Ditto if something isn't working properly ( or isn't implemented in the latest version because the devs aren't interested in changing the code to make it remain compatible in some way), or if the devs don't want to spend time working on some programme that people rely on, or can't afford the time, or would rather be working on something new instead of revising something existing, or they die. Which could, of course, also apply to commercial software, but that may at least be less susceptible to the availability and whims of one or two people especially if there are alternatives ( though often Microsoft, to name just one, do often show the same level of whimsy as FOSS devs I have to admit) .

              1. Alumoi Silver badge

                Re: Quality control - yes we’ve heard of it

                But reality is that FOSS is subject the interest, preference and availability of the developer(s). If they want a programme to work or look a certain way, then that's how it's going to be, no matter if it makes no sense to users, or how many polite request they get from users to vary that. Ditto if something isn't working properly ( or isn't implemented in the latest version because the devs aren't interested in changing the code to make it remain compatible in some way)

                And that's different from Microsoft et all because...?

                1. Terry 6 Silver badge

                  Re: Quality control - yes we’ve heard of it

                  I did say that this was also a thing. But at least in theory consumer pressure and market forces mean that commercial companies ought to try and meet customer needs ( even Microsoft used to), and fix stuff (ditto). And have competitors (another ditto). And won't go off and get a full time job elsewhere and not have time for the programme they developed.

            3. anthonyhegedus Silver badge

              Re: Quality control - yes we’ve heard of it

              You mean thank %deity%

              You're welcome

              Micro$oft

          2. Anonymous Coward
            Anonymous Coward

            Re: Quality control - yes we’ve heard of it

            Companies ≠ people. Accounting standards ≠ reality. Just because accounting standards (which likely come from tax law) leave no residual value in the hardware the use value is decidedly higher than zero.

          3. katrinab Silver badge
            Windows

            Re: Quality control - yes we’ve heard of it

            A Core i7 3770 (13 years old) is still a very usable computer today for most use-cases. Why should people be forced to scrap it, just because of planned obsolescence?

        5. David 132 Silver badge
          Thumb Up

          Re: Quality control - yes we’ve heard of it

          All good points.

          >But in business, particularly small businesses, where a security breach could mean bankruptcy,...

          More than that; someone correct me if I'm wrong, but don't a lot of cyber (ugh, I hate that word) insurance policies mandate that the business keeps up-to-date on software patches and doesn't run unsupported software? A bit like car insurance policies being cancelled if the car's been modified.

    2. Doctor Syntax Silver badge

      Re: Quality control - yes we’ve heard of it

      "perhaps they could invest some money in quality control at Microsoft"

      Why would they? They've got users and people like Kevin Beaumont to do it for them. QC costs money if you do it in house.

    3. captain veg Silver badge

      Re: Quality control - yes we’ve heard of it

      With respect, fuck your "modern OS".

      We've never needed more than a scheduler, memory management and a file system.

      Internet access is useful, though it introduces rather serious security concerns. Notwithstanding, being online by default ought, at least, make it easy to obtain graphical shells. Microsoft's "Presentation Manager" might be one of them.

      -A.

    4. Shred

      Re: Quality control - yes we’ve heard of it

      You have made the mistake of thinking that Microsoft is a software development company and cares about the quality of their software.

      Microsoft is primarily a marketing company. Software development is just a little side-line to them.

    5. bombastic bob Silver badge
      Big Brother

      Re: Quality control - yes we’ve heard of it

      yes, but MONEY is only a means by which they achieve the REAL goal... (see icon)

  2. kmorwath

    Patching the Dumbai way...

    ... this kind of lazy fixes I've seen already. It would be already bad enough as a temporary workaround, very bad as a fix. But someone at Microsoft should have asked ChatGPT instead of doing his work.

    1. Doctor Syntax Silver badge

      Re: Patching the Dumbai way...

      Maybe it's what ChatGPT advised.

      1. Alumoi Silver badge

        Re: Patching the Dumbai way...

        Maybe??? It's so dumb only an AI would think of it. Oh, wait... Microsoft....

    2. Inkey
      Thumb Down

      Re: Patching the Dumbai way...

      More like co-pilot ...

      1. Anonymous Anti-ANC South African Coward Silver badge

        Re: Patching the Dumbai way...

        Soon to be renamed crap-pilot

  3. Omnipresent Silver badge

    if it stops micr$

    from infiltrating your personal computer, there will be a fix as soon as they teach the AI bot how. I expect this to be a quicker fix than email.

  4. TheGriz

    Inetpub Folder

    Heck, I've been seeing this popup and I have been DELETING the dang thing.

  5. Jou (Mxyzptlk) Silver badge

    Nothing new here...

    I've been using mklink /j for inetpub countless times to have the actual folder on D:, i.e. away from the system drive. Other side effects: You can activate deduplication, works wonders on log files and much of web content.

    Yes, you could mount a drive in c:\inetpub, but when that drive mount fails for some reasons your inetpub gets filled the normal way. With the junction it is just unusable, and that gets noticed instead of potentially filling C:.

    1. PRR Silver badge
      Devil

      Re: Nothing new here...

      > using mklink /j for inetpub countless times to have the actual folder on D:, i.e. away from the system

      WHA? When I was running Xitami and Apache on Windows I could put "D:\http\" in an ini file to have off-root app and text folders. Not so easy in MS's webserver, but it smelled like hacker-bait right out of the shrinkwrap.

  6. Doctor Syntax Silver badge

    "This one weird trick"

    Just one? The whole of Windows is weird.

    1. David 132 Silver badge
      Happy

      I think it's El Reg's sarcastic attempt at a clickbait headline.

      Still, could be worse.

      "You Won't Believe What This Redmond Company Just Did"

      "What Internet Users In $your_ip_geolocation Are All Obsessed With"

      "Top 10 Windows Annoyances. Number 4 Will Shock You!"

  7. Richard 12 Silver badge

    I'm sure creating junctions used to require admin privilege. I recall considering them for something and deciding against it as a normal user couldn't.

    I guess that's changed. I wonder when.

    1. Steve Foster

      Not admin privilege per se, but the right permissions on the file system (commonly given to admins).

  8. Pascal Monett Silver badge
    Trollface

    "Microsoft's testing process is under the microscope"

    Yeah, you're going to need a microscope to find it.

    1. FirstTangoInParis Silver badge

      Re: "Microsoft's testing process is under the microscope"

      We’re gonna need a bigger microscope ….

      1. biddibiddibiddibiddi Silver badge

        Re: "Microsoft's testing process is under the microscope"

        Need an astronomical interferometer array the size of Jupiter's orbit aimed at Earth.

  9. J.G.Harston Silver badge

    On many default-configured systems, even standard users can run the same command,

    By default, non-Admin have write access to the root??????

  10. Anonymous Coward
    Anonymous Coward

    mklink /j ...

    /J - Join.exe? of MS-DOS days.

    Back then (MS-DOS 3.x) I used to join my drives under C:\ so my (Unix) code didn't have to deal with drive letters.

    The opposite command - making drives out of directories - I think was subst.exe.

    As Marvin would have said "Ghastly,... absolutely ghastly."

    Minix 1.5 on an AT hard disk meant leaving those horrors behind perhaps for some new ones. :)

    1. Brewster's Angle Grinder Silver badge

      Re: mklink /j ...

      I've not used join in a while, but I still use subst It's useful for mounting network drives. And it's convenient temporary link, no matter where the files are on the actual drive.

  11. Anonymous Coward
    Anonymous Coward

    The graphic

    Looked to me like the firearm was being pointed at ground for safety while the bearer crouched presumably taking cover from an an armed adversary.

    Silly me. It's of course MS about to blow its own foot off. Again.

    1. Anonymous Coward
      Anonymous Coward

      Re: The graphic

      Microsoft are welcome to blow their own foot off. They just shouldn't blow off mine and my users' along with it.

  12. RedGreen925

    "and admins are left wondering how such a basic DoS route slipped into production."

    Hahahahahahaaha, you are killing me, really from a company that has put out this garbage for going on forty years now. Somehow these clowns paying good money to suffer exploit after exploit like clockwork daily put out by an organization that has not one single clue how to do anything properly. They are wondering how it happens, apparently all that experience with nothing but this trash day after day is not enough of a lesson. Them Windows using morons do indeed deserve everything they get.

    1. anthonyhegedus Silver badge

      It really is a case of "the emperor's new clothes". Been that way since Win95, which wasn't a proper OS. Everyone seems to love Windows XP, but it was a total virus-magnet. At least they've made a lot of progress with that since then but I think they've not only lost control of the MASSIVE code-base, but I think they've lost control of the feature set.

      It's a war between functionality and ease of use of the one hand and make as much money as possible from these stupid cunts on the other.

  13. ecofeco Silver badge
    Facepalm

    Oh dear god

    Someone make it stop.

  14. Kev99 Silver badge

    "Microsoft testing"?? That's a bigger oxymoron the "military intelligence".

    As far as security updates (another mictosoft oxymoron) there's simple solution I've been using since Hector was a pup. DON"T click on every URL that pops up. DON"T open every email without checking the real email address first. On most reputable emails, hovering the cursor over the sender's name will disclose the actual address. And, TURNOFF your Pc when it's not in use. Following these simple steps gave me years of safe & clean browsing under win7. I'm still looking for a good reason to have upgraded from 7 to 10 besides mictosoft's sycophants crippling their gear to not work under 7.

  15. Plest Silver badge
    Facepalm

    Billions in revenue and they hire techs with the experience of GCSE computer studies students!

    So putting in a user created symlink borks one of the major sub-systems in an operating system used by billions! Brilliant!

    I'm not a coder by trade by even my scripting extends to checking filesystem object types when I'm automating processes to make sure I know I'm working with the right objects, it's not even clever, it's just plain f**king common sense!

  16. david 12 Silver badge

    :"and rolled everything back"

    Just to be clear,

    If you have not yet run this patch, you can block it, by creating a dodgy c:\inetpub, which will cause the update to fail.

    The odd thing is "So you just go without security updates," he noted."

    Failing one update causes all security updates to fail?

    I'm no longer doing enterprise updates. Is blocking all updates now this easy?

    1. collinsl Silver badge

      Re: :"and rolled everything back"

      Because almost every update out of M$ these days is cumulative, then yes, it does block all future updates.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like