Windows users are currently navigating a complex landscape of security challenges, with issues ranging from zero-day vulnerabilities targeting password theft to hackers circumventing Windows Defender protections. Adding to this mix is Microsoft’s recent decision to eliminate VPN provisions for Windows Defender users and, more critically, to withdraw security support for Windows 10. For those who act swiftly, however, there remains an opportunity to upgrade to Windows 11 at no cost.
In the latest twist, a perplexing new folder has emerged following the April 8 Patch Tuesday security updates. This folder, which appeared without explanation, has prompted Microsoft to issue a stern warning to its billion users: do not delete it.
Do Not Delete This Mysterious New Windows Folder
The April 8 updates included a fix for CVE-2025-21204, a vulnerability within the Windows Update Stack that could allow attackers to elevate privileges locally. Experts from SecurityVulnerability.io have characterized this as a significant risk, stating that compromised systems could enable unauthorized actions, jeopardizing the integrity and security of sensitive information. While the technical details of link resolution process manipulation may be intricate, the implications are clear: the potential for serious disruption and the introduction of further vulnerabilities is real.
In response, Microsoft has implemented a fix, but the method has raised eyebrows. The creation of a new, empty folder as part of this security update has sparked a flurry of discussions across tech forums and social media. Users are left questioning the purpose of the “inetpub” folder: Is it a data collection tool? Should it be deleted?
Microsoft’s advisory has clarified that the answer to the latter question is a definitive no. Deleting the inetpub folder would eliminate essential security protections, which is precisely why it was created in the first place.
Microsoft Confirms Reason For New Windows Folder
An update to Microsoft’s security advisory on April 10 confirmed that after installing the relevant updates, a new %systemdrive%inetpub folder will be generated on user devices. This addition is part of measures aimed at enhancing protection, though the specifics of how it achieves this remain somewhat vague. Traditionally, the inetpub folder is associated with the Internet Information Services (IIS) web server platform, typically activated through Windows Features. However, this update has introduced the folder regardless of whether IIS is installed.
While the need for transparency in security matters is paramount, it must be balanced with the necessity of not revealing too much information to potential attackers. Attempts to obtain further clarification from Microsoft yielded no additional insights beyond what is contained in the security advisory. Nevertheless, it is advisable for all Windows users to heed Microsoft’s guidance: “This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device.”
How To Restore The Vital Windows Folder If You’ve Already Deleted It
For those who may have already deleted the inetpub folder amidst the confusion, restoring it is a straightforward process. Follow these six simple steps:
- Open the Windows Control Panel.
- Select Programs.
- In the Programs and Features section, choose the option to Turn Windows features on and off.
- Scroll through the Windows Features box that appears.
- Check the box for Internet Information Services.
- Click OK.
Once completed, Windows will work to recreate the inetpub folder, ensuring that it is restored to your system drive. By enabling IIS in this manner, the folder will be reinstated with the same protective capabilities as intended by Microsoft’s security update.
