
Microsoft’s patch for CVE-2025-21204 symlink vulnerability introduces another symlink vulnerability

ID: 99717f2e-7222-5904-a720-8c8bda8a8d89

STIX ID: report--99717f2e-7222-5904-a720-8c8bda8a8d89

Feed Name: DoublePulsar

Threat Score: 65/100

Date Published: 2025-04-22

Date Updated: 2026-04-19

Author: Kevin Beaumont

...
...

Microsoft’s fix for CVE-2025-21204 precreates c:\inetpub. A non-admin user can abuse this by creating a junction (e.g., mklink /j c:\inetpub c:\windows\system32\notepad.exe), which causes the Windows servicing stack to fail and roll back updates, effectively blocking future security updates. The researcher disclosed the issue to MSRC and recommends EDR detection for junctions targeting \inetpub.
