diff --git a/build/VStudio/version.properties b/build/VStudio/version.properties
index d1b0e499..6a6597eb 100644
--- a/build/VStudio/version.properties
+++ b/build/VStudio/version.properties
@@ -7,7 +7,7 @@ 2015-2016 Bill Zissimopoulos $([System.DateTime]::Now.ToString(`yy`))$([System.DateTime]::Now.DayOfYear.ToString(`000`)) - 0.13.$(MyBuildNumber) + 0.14.$(MyBuildNumber) $(MyVersion.Replace('.',',')),0 \ No newline at end of file
diff --git a/doc/Changelog.adoc b/doc/Changelog.adoc
index 36e0b625..0d6fb5f6 100644
--- a/doc/Changelog.adoc
+++ b/doc/Changelog.adoc
@@ -1,6 +1,11 @@
 = Changelog
+v0.14::
+
+- WinFsp-FUSE now uses the S-1-0-65534 <-> 65534 mapping for unmapped SID/UID's. The Anonymous SID mapping from the previous release had security issues.
+
+
 v0.13::
 This release includes a Cygwin package, an API change and some other minor changes:
diff --git a/src/dll/posix.c b/src/dll/posix.c
index 7fd296bb..1848c867 100644
--- a/src/dll/posix.c
+++ b/src/dll/posix.c
@@ -42,16 +42,16 @@ union
 UINT8 B[sizeof(SID) - sizeof(DWORD) + (1 * sizeof(DWORD))];
 } FspUnmappedSidBuf =
 {
- /* S-1-5-7 (Anonymous) */
+ /* S-1-0-65534 */
 .V.Revision = SID_REVISION,
 .V.SubAuthorityCount = 1,
- .V.IdentifierAuthority.Value[5] = 5,
- .V.SubAuthority[0] = 7,
+ .V.IdentifierAuthority.Value[5] = 0,
+ .V.SubAuthority[0] = 65534,
 };
 static PISID FspAccountDomainSid, FspPrimaryDomainSid;
 #define FspUnmappedSid (&FspUnmappedSidBuf.V)
-#define FspUnmappedUid (7)
+#define FspUnmappedUid (65534)
 static BOOL WINAPI FspPosixInitialize(
 PINIT_ONCE InitOnce, PVOID Parameter, PVOID *Context)
@@ -223,7 +223,7 @@ FSP_API NTSTATUS FspPosixMapUidToSid(UINT32 Uid, PSID *PSid)
 * Other well-known SIDs in the NT_AUTHORITY domain (S-1-5-X-RID):
 * S-1-5-X-RID <=> uid/gid: 0x1000 * X + RID
 */
- else if (0x1000 <= Uid && Uid < 0x100000)
+ else if (FspUnmappedUid != Uid && 0x1000 <= Uid && Uid < 0x100000)
 *PSid = FspPosixCreateSid(5, 2, Uid >> 12, Uid & 0xfff);
 if (0 == *PSid)
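Review bot: In the FspUnmappedSidBuf initializer and the FspUnmappedUid define, the value 65534 is now written twice, and nothing ties the two together even though the S-1-0-65534 <-> 65534 mapping only holds while they stay equal. Moving `#define FspUnmappedUid (65534)` above the union and writing `.V.SubAuthority[0] = FspUnmappedUid,` would leave a single source of truth. The `/* S-1-0-65534 */` comment would also be more useful with the reason attached, for example `/* S-1-0-65534: reserved for unmapped SIDs; unlike S-1-5-7 (Anonymous) it is assumed to match no real principal */`. The union definition starts outside the hunk.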
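Review bot: The [IDMAP] comment directly above the changed `else if` in FspPosixMapUidToSid still documents the whole 0x1000..0xFFFFF range as S-1-5-X-RID, while the code now carves 65534 (0xFFFE) out of it. Without the new guard that UID would have gone through `FspPosixCreateSid(5, 2, Uid >> 12, Uid & 0xfff)` and come back as S-1-5-15-4094, so the exception deserves a line in the comment, for example ` * Exception: uid 65534 (FspUnmappedUid) is reserved and maps to FspUnmappedSid.` The body of the `if (0 == *PSid)` fallback is outside the hunk, so this assumes it is the place where FspUnmappedSid is returned.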
@@ -325,7 +325,9 @@ FSP_API NTSTATUS FspPosixMapSidToUid(PSID Sid, PUINT32 PUid)
 */
 *PUid = 0x60000 + Rid;
 }
- else
+ else if (
+ FspUnmappedSid->IdentifierAuthority.Value[5] != Authority ||
+ FspUnmappedSid->SubAuthority[0] != Rid)
 {
 /* [IDMAP]
 * Other well-known SIDs:
diff --git a/tst/winfsp-tests/posix-test.c b/tst/winfsp-tests/posix-test.c
index 03c3df14..8ac37779 100644
--- a/tst/winfsp-tests/posix-test.c
+++ b/tst/winfsp-tests/posix-test.c
@@ -10,6 +10,7 @@ void posix_map_sid_test(void)
 UINT32 Uid;
 } map[] =
 {
+ { L"S-1-0-65534", 65534 },
 { L"S-1-0-0", 0x10000 },
 { L"S-1-1-0", 0x10100 },
 { L"S-1-2-0", 0x10200 },
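Review bot: The new guard in FspPosixMapSidToUid recognises the unmapped SID by comparing only `IdentifierAuthority.Value[5]` and `SubAuthority[0]` with `Authority` and `Rid`, which is narrower than a full SID comparison. How `Authority` and `Rid` are derived is outside the hunk; if this branch can be reached with more than one sub-authority, any SID under authority 0 whose last RID is 65534 would be treated as the unmapped SID. `else if (!EqualSid(Sid, FspUnmappedSid))` states the intent directly and also covers the revision and sub-authority count. Either way, a short comment such as `/* S-1-0-65534 is reserved for unmapped SIDs; keep it out of the well-known-SID mapping below */` would explain why the branch is skipped.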
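Review bot: The added `{ L"S-1-0-65534", 65534 }` row in posix_map_sid_test pins only the reserved pair itself; nothing in the hunk exercises the fallback path that this commit changes for security reasons. A case that maps a SID with no POSIX equivalent and expects 65534, and one that maps a UID with no SID equivalent and expects S-1-0-65534 rather than S-1-5-7, would guard against the regression the changelog describes. The loop that consumes `map[]` is outside the hunk, so if it assumes a round trip these cases probably belong in a separate test function.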