In a recent update regarding CVE-2025-21204, Microsoft has informed users about the introduction of a new inetpub folder, which plays a crucial role in enhancing system protection.
Understanding the inetpub Folder
As part of the April Patch Tuesday updates, Microsoft addressed a link following flaw within the Windows Update Stack. This update results in the creation of a new folder located at %systemdrive%\inetpub on user devices.
Upon noticing this new folder, many users expressed concerns about its origin and purpose. The inetpub folder is typically associated with Internet Information Services (IIS), a web server platform developed by Microsoft for hosting websites, web applications, and services on Windows systems. It’s worth noting that IIS is not installed by default and can be enabled through the Windows Features dialog.
In their update, Microsoft emphasized:
“This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users.”
The vulnerability identified as CVE-2025-21204, if successfully exploited, allows an authorized attacker to elevate privileges locally. According to Microsoft:
“An authenticated attacker who successfully exploits this vulnerability gains the ability to perform and/or manipulate file management operations on the victim machine in the context of the NT AUTHORITY\SYSTEM account.”
The term “link following flaw” refers to a situation where the product attempts to access a file based on its filename but fails to adequately prevent that filename from linking to an unintended resource. To mitigate this risk, denying access to specific files can thwart an attacker’s ability to substitute legitimate files with malicious links. This can be achieved by assigning appropriate file and folder permissions, such as setting a folder to “Read-only,” which permits users to view files without the ability to modify them.
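A read-only check an administrator could run to confirm that the folder is present and is a real directory rather than a link, following the explanation above. This PowerShell is an added example, not code from Microsoft or from this article; the function name Test-InetpubFolder is hypothetical, and the script only reports the owner and write-capable ACL entries without assuming what the correct values are.

```powershell
# Added example: read-only audit of %systemdrive%\inetpub. It changes nothing.
# Test-InetpubFolder is a hypothetical helper name, not a built-in cmdlet.
function Test-InetpubFolder {
    param([string]$Path = (Join-Path $env:SystemDrive 'inetpub'))

    $report = [ordered]@{
        Path = $Path; Exists = $false; IsDirectory = $false
        IsReparsePoint = $false; LinkTarget = $null
        Owner = $null; WriteCapable = @()
    }

    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return [pscustomobject]$report }

    $report.Exists      = $true
    $report.IsDirectory = $item.PSIsContainer

    # Junctions and symbolic links carry the ReparsePoint attribute;
    # a plain directory does not.
    $report.IsReparsePoint = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
    if ($report.IsReparsePoint) { $report.LinkTarget = $item.Target }

    # Rights that let a principal create, change, delete or re-permission
    # content. Read bits are left out so read-only entries do not match.
    $writeBits = [Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Raw GENERIC_ALL and GENERIC_WRITE values, which appear on some
    # inherit-only entries instead of the named rights.
    $mask = [int]$writeBits -bor 0x10000000 -bor 0x40000000

    $acl = Get-Acl -LiteralPath $Path
    $report.Owner = $acl.Owner
    $report.WriteCapable = @(
        $acl.Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           ([int]$_.FileSystemRights -band $mask) } |
            ForEach-Object { '{0} ({1})' -f $_.IdentityReference, $_.FileSystemRights }
    )
    [pscustomobject]$report
}

Test-InetpubFolder | Format-List
```

If IsReparsePoint is True, the name resolves to another location, and LinkTarget shows where; the WriteCapable list shows which accounts could modify the folder's contents.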
In summary, the inetpub folder serves as a protective measure against potential exploitation of vulnerabilities. It takes up very little storage, so users are advised to leave it intact.