In a recent turn of events regarding Windows 11 (version 24H2), a folder that Microsoft previously advised users against deleting has come under scrutiny from third-party security researchers. The inetpub folder, introduced in the April update, is designed to play a crucial role in the operating system’s functionality. However, its unintended consequences have sparked a debate about its necessity and safety.
The inetpub folder was created as part of a fix for the CVE-2025-21204 vulnerability, which allowed hackers to exploit symbolic links to redirect system operations. While Microsoft aimed to address this security concern, the introduction of the inetpub folder has led to a new vulnerability that could potentially disrupt system updates.
Security Implications of the inetpub Folder
Security researcher Kevin Beaumont has highlighted a significant issue: the inetpub folder can be manipulated to block Windows updates entirely. This can be accomplished without administrative rights by executing a simple command in the command prompt:
- mklink /j c:inetpub c:windowssystem32notepad.exe
By creating a symbolic link between inetpub and notepad.exe, users can inadvertently prevent Windows from installing updates. The system will misinterpret the situation, leading to a rollback of patches and leaving the system vulnerable.
As of now, Microsoft has not issued a response to this finding, although Beaumont has reached out to the Microsoft Security Response Center (MSRC) for further clarification. The possibility of a dedicated patch to address this new vulnerability remains open.
This situation underscores the complexities involved in software development, where efforts to rectify one issue can inadvertently lead to another. As users navigate these challenges, the importance of vigilance and awareness in system management becomes increasingly clear.
