Particle.news
Download on the App Store
5 ARTICLES
·
last mo.

Microsoft Confirms 'inetpub' Folder Creation in April Update as Security Measure

The folder, linked to a vulnerability fix for CVE-2025-21204, is intentionally created and should not be deleted, Microsoft advises.

A man at a desk using a laptop and holding his hands up, while having a confused look on his face
Will Dormann spotted an errant 'inetpub' folder
inetpub folder in a C:/ drive.
inetpub folder in a C:/ drive.

Overview

  • Microsoft's April 2025 cumulative updates for Windows 10 and 11 create an empty 'inetpub' folder on system drives, even if IIS is not installed.
  • The folder is linked to a security fix addressing CVE-2025-21204, a vulnerability involving improper link resolution in the Windows Update process.
  • Microsoft confirmed the folder's creation is intentional and warned users not to delete it, as it enhances system protection.
  • The 'inetpub' folder is created by an elevated SYSTEM process during the update, but its exact protective purpose remains unclear.
  • This update highlights ongoing challenges in balancing user expectations with security measures in Windows update processes.