@GossiTheDog @wdormann @FritzAdalis @jernej__s Yes it opens a new one. But does the created folder by the update still allow a user to create files in C:\inetpub or are the permissions locked down to administrators?
@faebudo @GossiTheDog @wdormann @FritzAdalis @jernej__s
Users can RX, not write.
But, unless there's an admin permissions pop-up, a user with admin can copy/paste commands to download vulnerable crap into this folder anyway.
There are still too many users who have admin, especially in home, school, and small business environments.
@faebudo @GossiTheDog @wdormann @FritzAdalis @jernej__s I can't create files in the update created inetpub
@GossiTheDog @wdormann @FritzAdalis @jernej__s
So the update fixes CVE-2025-21204 by updating folder permissions for C:\inetpub even if it was created by a user beforehand. Also a normal user can't create files in C:\ only folders.
Users that already deleted the folder should temporarily install IIS to create the folder again with correct permissions.
Edit: as @GossiTheDog points out the acl updating breaks for junctions (which a normal user can create but where setting the permissions does not update the target permissions) and stops the update from applying.