Windows users are currently navigating a complex landscape of security challenges. The recent emergence of a zero-day vulnerability, which threatens to compromise Windows passwords, alongside hackers circumventing Windows Defender protections, has raised alarms. Adding to this tumultuous environment is Microsoft’s controversial decision to discontinue VPN support for Windows Defender users and, more critically, to withdraw security support for Windows 10. For those looking to upgrade, Windows 11 remains available for free, but time is of the essence.
Do Not Delete This Mysterious New Windows Folder
In the latest twist, following the April 8 Patch Tuesday security updates, users have discovered a new and enigmatic folder on their systems. This folder, created as part of the fix for CVE-2025-21204—a vulnerability in the crucial Windows Update Stack—has sparked considerable debate across tech forums and social media. This vulnerability, described by experts at SecurityVulnerability.io as posing a “significant risk to organizations,” could potentially allow attackers to execute unauthorized actions, thereby jeopardizing the integrity of sensitive information and system operations.
While the technical intricacies of this vulnerability may be daunting, the crux of the matter is clear: the patch was necessary, and its implementation is a positive step. However, the manner in which Microsoft executed this fix has raised eyebrows. The creation of an empty folder, dubbed “inetpub,” has led to questions about its purpose and safety. Users have been left wondering if this folder is a benign addition, a data collection tool, or something more sinister.
In response to the growing concerns, Microsoft has issued a firm warning: users must not delete the inetpub folder. This directive comes as part of their ongoing efforts to clarify the situation and ensure user safety.
Microsoft Confirms Reason For New Windows Folder
On April 10, Microsoft updated its security advisory regarding CVE-2025-21204, confirming that the creation of the %systemdrive%inetpub folder is a direct result of the recent updates. The advisory noted that this addition is intended to bolster protection, although the specifics of how it achieves this remain somewhat opaque. Traditionally, the inetpub folder is associated with the Internet Information Services (IIS) web server platform, typically activated through Windows Features. However, this update has introduced the folder regardless of whether IIS is installed on the user’s device.
While the intention behind this change is to enhance security, the lack of transparency surrounding its implementation is concerning. As a security enthusiast, I strongly advocate for adherence to Microsoft’s guidance: “This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device.” In an era where cybersecurity is paramount, clarity and communication from tech giants like Microsoft are essential for maintaining user trust and safety.
