The Mysterious inetpub Folder: A Crucial Part of Windows' Security Fix

Remember the odd inetpub folder that seemingly randomly appeared on people's root drives after installing a Windows 11 update? Everybody assumed it was something left over from an update script, and that the folder was safe to remove. Well, it turns out that's not the case, as the empty folder is actually a crucial part of a security fix for a serious vulnerability.

Initially undocumented in the official release notes, the inetpub folder led to user speculation about whether it was a leftover artifact from development or a bug. Microsoft has since clarified that the folder is intentional and part of a critical security improvement. The change addresses CVE-2025-21204, a vulnerability that allowed local attackers to exploit symbolic link (symlink) attacks via Windows Update, potentially granting unauthorized access to protected system files or directories.

As part of the fix, the system pre-creates certain directories — including C:\inetpub — to harden the update process and mitigate such attacks. If you've already removed the folder, you can reinstall the April 2025 cumulative update to restore the folder, or you can wait for next month's update roll-up, which will also restore the folder.
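To check the state of the folder described above, the following PowerShell sketch reports whether it exists, whether it is a real directory rather than a symlink or junction, and who owns it. It is an added example, not a Microsoft tool or code from the original article. The function name `Test-InetpubFolder` and its output property names are hypothetical, and treating a link at that path as something to investigate is an assumption drawn from the symlink concern the fix addresses.

```powershell
# Added example: audit the pre-created inetpub folder on the system drive.
# Function name and output property names are hypothetical.
function Test-InetpubFolder {
    [CmdletBinding()]
    param(
        # Defaults to <system drive>\inetpub, e.g. C:\inetpub
        [string]$Path = (Join-Path $env:SystemDrive 'inetpub')
    )

    $result = [ordered]@{
        Path           = $Path
        Exists         = $false
        IsDirectory    = $false
        IsReparsePoint = $false   # true for a symlink or junction
        LinkTarget     = $null
        Owner          = $null
        Finding        = $null
    }

    # -Force so a hidden or system-flagged item is still returned
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        $result.Finding = 'Missing: reinstall the April 2025 cumulative update or wait for the next roll-up.'
        return [pscustomobject]$result
    }

    $result.Exists         = $true
    $result.IsDirectory    = $item.PSIsContainer
    $result.IsReparsePoint = $item.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)
    # Owner is reported for review only; Get-Acl can fail on a dangling link
    $result.Owner          = (Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue).Owner

    if ($result.IsReparsePoint) {
        $result.LinkTarget = $item.Target -join ', '
        $result.Finding    = 'Path is a link, not a real directory: investigate who created it.'
    }
    elseif (-not $result.IsDirectory) {
        $result.Finding = 'Path is a file, not a directory: investigate.'
    }
    else {
        $result.Finding = 'Present as a regular directory.'
    }
    [pscustomobject]$result
}

Test-InetpubFolder | Format-List
```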

This lone, empty folder at your Windows PC's root is apparently a crucial part of the security of your computer, but since it took Microsoft a while to publish release notes, nobody knew where it was coming from. The idea that a random, empty folder usually associated with IIS could be part of a vulnerability mitigation didn't cross anybody's mind at the time, especially since random folders appearing at a Windows PC's root aren't exactly uncommon or out of the ordinary.

The consensus seems to be that creating this folder is a pretty clever form of mitigation, despite feeling so hacky. I'm assuming Microsoft's engineers are capable, and that making the folder in question impossible to delete or somehow hidden is simply not an option and would break the vulnerability mitigation, but that doesn't change the fact that this looks like a really crude hack that should be solved in a more elegant way.

Followers of the original article have pointed out that creating a permanent, hidden inetpub folder may not be the best solution, as it could lead to confusion among users and create more problems down the line. However, some argue that this might be an interim workaround while Microsoft works on a more permanent solution.

A Security Fix with a Crude Solution

New exploit: Step 1 – Look for the inetpub folder in your root directory. Step 2 – Delete the folder if you find it. However, be aware that this will likely trigger a security update, which may not be what you want.

So, how did Microsoft come up with this solution? Unfortunately, it's not entirely clear, but it seems like they're trying to protect users from exploit attacks via symbolic links. The inetpub folder is probably meant to be a safe haven for these updates, but the implementation is a bit... unconventional.

In any case, Windows users deserve better than this kind of security fix. With nothing but exploit after exploit continuously happening like clockwork with that garbage they produce, it's no wonder users are getting frustrated. Perhaps Microsoft should take a step back and re-evaluate their approach to security updates?

A Temporary Hack or Permanent Solution?

Some engineers at Microsoft might be arguing with managers to fix things the right way, while management is pressuring them to produce a quick and dirty hack that may not be sustainable in the long run. It's hard to say what the future holds for this solution, but one thing is certain: Windows users will have to deal with it until then.

So, what can you do? For now, it seems like reinstalling the April 2025 cumulative update or waiting for next month's update roll-up might be your best bet. In any case, keep an eye on your system and be prepared to adapt to any changes that come your way.