
A mysterious new Windows 11 folder appeared – and now there’s a new exploit


Windows 11 users worldwide were suddenly mystified by a new folder that appeared out of nowhere on their system drives, without warning or explanation: the “inetpub” folder.

In fact, this peculiar folder is supposed to be a fix. But it looks like it can quickly turn into a flaw.

Its sudden appearance caused many to frown in confusion. The empty directory arrived with April’s Windows 11 24H2 (KB5055523) update. It was believed to be a harmless artifact that could be safely removed without risk…

No. Soon after its appearance, Microsoft responded to suggestions to remove the folder with an unambiguous warning not to. The “inetpub” folder was actually there to handle a Windows Update security vulnerability (CVE-2025-21204).

But that’s not where the story ends, seemingly. A recent blog post by cybersecurity expert Kevin Beaumont shows how Microsoft’s attempt to patch one Windows 11 exploit has led to another one, potentially leaving millions of machines open to attackers.
The original patch was aimed at blocking an exploit where limited-access users could use “symbolic links” to gain advanced control of a machine. That would be done by taking advantage of Windows Update’s elevated permissions.

Symbolic links basically redirect processes from one location to another, just like desktop shortcuts. Windows 11’s April security patch used Microsoft’s Internet Information Services (IIS) to block this link-following behavior. IIS uses “inetpub” as its default directory.

But here comes the twist. The patch is… vulnerable to link following exploits itself. The cybersecurity expert shows that a script that you can run through the Command Prompt could introduce a new denial of service vulnerability that stops Windows updates. This makes the system open to future threats.

The issue that the patch was aiming to fix was primarily a local one: like a hacker gaining physical access to your computer or network. Well, the new vulnerability could potentially leave Windows 11 users open to attackers from external sources… which is way worse.

Beaumont claims he informed Microsoft of the issue two weeks before publishing the article. The expert has since received an answer from Microsoft indicating that the issue has been classified with a “Moderate” status, so a fix would be coming in the future, but it is not considered urgent enough to require an immediate one.

Unfortunately, though, there’s no official guidance for keeping yourself safe from any other risk, so be careful. Ensure your PC or laptop is always up to date, avoid downloading unofficial or weird software, and don’t think that deleting the folder will solve this issue, as this action may cause issues with future updates.

What to do if you deleted the “inetpub” folder?

Obviously, the folder is important as it prevents a flaw that can expose your computer. Although it creates a vulnerability itself, Microsoft seems not to consider that vulnerability the highest priority at the moment.

Meanwhile, the folder prevents people who have gained physical access to your machine from elevating their privileges by tampering with Windows Update, which is a known vulnerability marked with “Important” status.

If you have deleted the folder thinking it’s just an unnecessary artifact from the update, you can, luckily, restore it.

To restore the “inetpub” folder, do the following:

  1. Open the Control Panel in Windows.
  2. Go to Programs, then to Programs and Features.
  3. Select Turn Windows features on or off.
  4. Check the box next to the Internet Information Services option.
  5. Click OK.
  6. Restart your laptop or PC from the Start Menu.

Once your device is back on, you can check to ensure the folder is back there. It should then continue to protect you from the CVE-2025-21204 security vulnerability. Meanwhile, if you had IIS off on your laptop, be sure to repeat the process above and uncheck the box next to Internet Information Services.
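To confirm the result after the restart, the following PowerShell check (an added example, not taken from the article, Microsoft or Beaumont's post) reports whether the folder exists, whether it is an ordinary directory, and whether it is actually a link pointing somewhere else. The function name `Test-InetpubFolder` is hypothetical, and the default path assumes the folder sits at the root of the system drive.

```powershell
# Added example: inspect the inetpub folder on the system drive.
# Test-InetpubFolder is a hypothetical helper name, not a built-in cmdlet.
function Test-InetpubFolder {
    param(
        # Assumption: the update creates the folder at the root of the system drive.
        [string]$Path = "$env:SystemDrive\inetpub"
    )

    $result = [ordered]@{
        Path = $Path; Exists = $false; IsDirectory = $false; IsLink = $false
        LinkType = $null; Target = $null; Owner = $null; Verdict = 'Missing'
    }

    # -Force returns hidden/system items; Get-Item describes the link itself
    # rather than whatever the link points at.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $result.Exists      = $true
        $result.IsDirectory = [bool]$item.PSIsContainer
        # Junctions and symbolic links both carry the ReparsePoint attribute.
        $result.IsLink = [bool]($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint)

        if ($result.IsLink) {
            $result.LinkType = $item.LinkType
            $result.Target   = $item.Target -join '; '
            $result.Verdict  = 'Link - review the target before trusting it'
        }
        elseif (-not $result.IsDirectory) {
            $result.Verdict = 'A file, not a directory'
        }
        else {
            # Owner is read only for a plain directory so the ACL query
            # cannot be redirected through a link.
            try { $result.Owner = (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner }
            catch { $result.Owner = 'unreadable' }
            $result.Verdict = 'Plain directory present'
        }
    }
    [pscustomobject]$result
}

Test-InetpubFolder | Format-List
```

A verdict other than "Plain directory present" means the path is missing, is a file, or redirects elsewhere, which is the condition the link-following discussion above is concerned with.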


