Microsoft has now confirmed that an April 2025 Home windows safety replace is creating a brand new empty “inetpub” folder and warned customers to not delete it.
This folder is usually utilized by Microsoft’s Web Info Providers (IIS), an internet server platform that may be enabled by way of the Home windows Options dialog to host web sites and net apps.
Nonetheless, after putting in this month’s cumulative updates, many Home windows customers have discovered a newly created C:inetpub folder on their programs, though IIS wasn’t put in in the course of the course of.
BleepingComputer has confirmed this habits on our Home windows 11 and Home windows 10 programs and found that the cumulative replace creates the folder utilizing the SYSTEM account.
Although deleting the folder didn’t trigger points utilizing Home windows in our assessments, Microsoft advised BleepingComputer on Thursday that this empty folder had been deliberately created and shouldn’t be eliminated.
Nonetheless, in response to consumer stories, the April cumulative updates will fail to put in if the C:inetpub listing is created earlier than replace deployment.
Customers warned to not take away the brand new folder
Whereas Redmond nonetheless has to elucidate why the safety updates are creating this folder within the first place, the corporate up to date the advisory for a Home windows Course of Activation elevation of privilege vulnerability (tracked as CVE-2025-21204) in a single day to warn customers to not delete the brand new empty inetpub folder on their laborious drives.
“After putting in the updates listed within the Safety Updates desk to your working system, a brand new %systemdrivepercentinetpub folder will probably be created in your system,” Microsoft says.
“This folder shouldn’t be deleted no matter whether or not Web Info Providers (IIS) is energetic on the goal system. This habits is a part of adjustments that improve safety and doesn’t require any motion from IT admins and finish customers.”
The CVE-2025-21204 safety flaw is brought on by an improper hyperlink decision difficulty earlier than file entry (‘hyperlink following’) within the Home windows Replace Stack which seemingly implies that, on unpatched units, Home windows Replace might observe symbolic hyperlinks in a manner that may let native attackers trick the system into accessing or modifying unintended information or folders.
The corporate warns that profitable exploitation can let native attackers with low privileges escalate permissions and “carry out and/or manipulate file administration operations on the sufferer machine within the context of the NT AUTHORITYSYSTEM account.”
Easy methods to recreate the C:inetpub folder
For many who deleted the inetpub folder, you possibly can recreate it by going into the Home windows “Flip Home windows Options on or off” management panel and putting in Web Info Providers.
As soon as put in, a brand new inetpub folder will probably be created within the root of the C: drive, this time with information in it. Nonetheless, it’ll have the identical SYSTEM possession because the folder created by the latest Home windows safety replace.
If you don’t use IIS, you possibly can uninstall it once more by way of the identical Home windows Options management panel and reboot your laptop when prompted.
This can take away the software program however depart the C:inetpub folder behind.
Microsoft has confirmed that this methodology will recreate the folder with the identical protections.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and learn how to defend towards them.
