Understanding the New Folder on Windows Systems
Windows users who have recently updated their operating systems may have noticed an unfamiliar folder appearing on their hard drives. This folder, typically located at C:inetpub, is a harmless addition resulting from the latest security patches and is advised to be left untouched.
The creation of this directory is tied to Microsoft’s Internet Information Services (IIS) and serves a specific purpose. It was established to address a critical vulnerability, identified as CVE-2025-21204, which could potentially allow malware or unauthorized users to gain system-level file-management privileges. By installing the April Patch Tuesday updates for Windows 10 and 11, users inadvertently create this folder as an added layer of security.
Microsoft has clarified the situation, stating, “After installing the updates listed in the security updates table for your operating system, a new %systemdrive%inetpub folder will be created on your device.” The company further emphasizes that this folder should remain intact, regardless of whether IIS is active on the system. This precautionary measure does not necessitate any action from IT administrators or end-users.
The inetpub folder is not a new phenomenon for those familiar with IIS, as it has long been utilized to store web server script files, site content, and various related components. In the context of CVE-2025-21204, the folder is established with read-only SYSTEM-level access, effectively blocking potential privilege-escalation exploits that have yet to be publicly detailed.
It’s worth noting that the folder will appear even if IIS has not been installed, which is not included by default in Windows 10 and 11 installations. Therefore, it is advisable to leave the folder as is, as it is a proactive measure against possible future threats, according to Microsoft. Currently, there are no known instances of CVE-2025-21204 being exploited in the wild, nor is there any publicly available exploit code.
For those who may have deleted the folder post-update, recovery is straightforward. Users can navigate to the Windows Control Panel, select Programs and Features, and then click on “Turn Windows features on or off.” By locating IIS in the list and confirming the selection, the folder will be recreated with the appropriate SYSTEM-level permissions. Users can then disable IIS and restart their systems, as it remains an underutilized feature in contemporary computing.
Alternatively, users can manually create the folder, ensuring it has read-only access and SYSTEM-level ownership, should they wish to take that route.
