A mysterious new Windows 11 folder appeared – and now there’s a new exploit

Windows 11 users recently found themselves confronted by an unexpected addition to their system drives: the “inetpub” folder. This sudden emergence has left many scratching their heads, as it appeared without warning following the April Windows 11 24H2 (KB5055523) update. Initially perceived as a harmless artifact, the folder is, in fact, a crucial component designed to address a security vulnerability (CVE-2025-21204) within the operating system. However, its presence has sparked confusion and concern among users.

Microsoft’s swift response to user inquiries about the folder was clear: it should not be removed. The “inetpub” directory serves a vital role in managing Windows Update security vulnerabilities, specifically aimed at preventing limited-access users from exploiting “symbolic links” to gain unauthorized control of a machine. These symbolic links function similarly to desktop shortcuts, redirecting processes from one location to another. The April security patch utilized Microsoft’s Internet Information Services (IIS) to block this behavior, with “inetpub” being the default directory for IIS.

Yet, the plot thickens. Cybersecurity expert Kevin Beaumont recently highlighted that this very patch, intended to secure Windows 11, has inadvertently introduced a new vulnerability. His findings suggest that a script executed through the Command Prompt could create a denial of service vulnerability, effectively halting Windows updates and exposing systems to external threats. While the original vulnerability primarily concerned local access—such as a hacker physically accessing a computer—the newly identified flaw could allow for remote exploitation, raising the stakes significantly.

Beaumont disclosed that he alerted Microsoft to this issue two weeks prior to publishing his findings. In response, Microsoft acknowledged the vulnerability with a “Moderate” status, indicating that a fix is forthcoming, though it is not deemed urgent. Unfortunately, users are left without official guidance on how to mitigate risks in the interim. It is advisable for users to keep their systems updated, avoid downloading unofficial software, and refrain from deleting the “inetpub” folder, as doing so may complicate future updates.

What to do if you deleted the “inetpub” folder?

For those who may have mistakenly deleted the “inetpub” folder, rest assured that it can be restored. Despite the folder’s potential vulnerabilities, it plays a crucial role in safeguarding your system against exploitation. Here’s how to restore it:

  1. Open the Control Panel in Windows.
  2. Navigate to Programs, then select Programs and Features.
  3. Click on Turn Windows features on or off.
  4. Check the box next to the Internet Information Services option.
  5. Click OK.
  6. Restart your laptop or PC from the Start Menu.

Once your device reboots, you can verify that the “inetpub” folder has returned, continuing its role in protecting against the CVE-2025-21204 vulnerability. If you had previously disabled IIS on your device, be sure to repeat the process and uncheck the box next to Internet Information Services to turn it off again.
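The verification step can also be done from PowerShell. The script below is an added example, not something from Microsoft or from the original article: it checks that “inetpub” exists on the system drive and that it is a real directory rather than a symbolic link or other redirect, since symbolic links are what the patch is meant to guard against. The function name `Test-InetpubFolder` and the default path at the root of the system drive are assumptions made for this example.

```powershell
# Added example: inspect the inetpub folder after restoring it.
# Assumptions: the folder lives at the root of the system drive;
# Test-InetpubFolder is a name chosen for this example.
function Test-InetpubFolder {
    param([string]$Path = "$env:SystemDrive\inetpub")

    $result = [ordered]@{
        Path           = $Path
        Exists         = $false
        IsDirectory    = $false
        IsReparsePoint = $false
        LinkType       = $null
        Target         = $null
        Owner          = $null
        Verdict        = 'Missing: restore it with the Control Panel steps'
    }

    # -Force returns the item even if it is hidden or marked as system
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $result.Exists         = $true
        $result.IsDirectory    = $item.PSIsContainer
        # A symbolic link or similar redirect carries the ReparsePoint attribute
        $result.IsReparsePoint = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
        $result.LinkType       = $item.LinkType
        $result.Target         = $item.Target -join '; '

        # Reading the owner can fail if the path redirects somewhere unreadable
        try   { $result.Owner = (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner }
        catch { $result.Owner = "unreadable: $($_.Exception.Message)" }

        if ($result.IsReparsePoint) {
            $result.Verdict = 'Path is a link, not a real folder: investigate who created it'
        } elseif (-not $result.IsDirectory) {
            $result.Verdict = 'A file occupies the path instead of a folder'
        } else {
            $result.Verdict = 'Real directory present'
        }
    }

    [pscustomobject]$result
}

Test-InetpubFolder | Format-List
```

The script only reads metadata and changes nothing. A verdict other than “Real directory present” means the folder is missing or has been replaced.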
