A few weeks ago, the tech community was abuzz with the emergence of a perplexing folder named “inetpub” on numerous Windows PCs following one of the April updates. Initially perceived as a mere glitch, this empty folder seemed to serve no purpose, raising eyebrows among users and experts alike.
Microsoft later clarified that the inetpub folder plays a crucial role in bolstering Windows security. It was introduced to address the CVE-2025-21204 vulnerability, effectively acting as a safeguard against potential exploitation. However, this seemingly innocuous folder has now become a source of concern, as it appears to facilitate a new security issue that attackers could exploit.
Security researcher Kevin Beaumont brought this alarming development to light in a recent blog post. He highlighted that the inetpub folder, intended to enhance security, could inadvertently allow attackers to circumvent critical security updates within the Windows environment.
Security risk caused by a harmless folder
Beaumont outlined a method to prevent the creation of the inetpub folder by establishing a junction point in the C: directory. In the Windows operating system, a junction point functions as an alias that redirects one directory to another, akin to a shortcut. Beaumont demonstrated this by creating a junction at C:/inetpub that points to notepad.exe.
With this junction point in place, the actual inetpub folder cannot be generated. Consequently, this action also obstructs the installation of the April update and potentially all subsequent security updates until Microsoft addresses this issue. As a result, affected PCs remain vulnerable to other security flaws that have already been patched.
Moreover, Beaumont noted that this situation could lead to a frustrating cycle of error messages and failed update rollbacks, with attackers able to trigger these problems without requiring elevated privileges.
This discovery has been communicated to Microsoft, though a response has yet to be received. The extent to which Microsoft is aware of the issue and is working towards a resolution remains uncertain, but the implications of this situation are significant for users and the broader security landscape.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.
