In April 2025, Microsoft released a security update for Windows 11 that introduced a new, empty folder named 'inetpub' on the system drive. This unexpected addition has raised questions among users and IT professionals regarding its purpose and potential impact on system security.

Background: The 'inetpub' Folder and Its Traditional Role

Historically, the 'inetpub' folder is associated with Microsoft's Internet Information Services (IIS), a web server platform used to host websites and web applications. When IIS is enabled, this folder serves as the default directory for storing web content and logs. However, many Windows 11 users noticed the creation of this folder even when IIS was not installed or active on their systems.

The Security Vulnerability: CVE-2025-21204

The introduction of the 'inetpub' folder is directly linked to the mitigation of a critical security vulnerability identified as CVE-2025-21204. This flaw pertains to an improper link resolution issue before file access ('link following') in the Windows Update Stack. Essentially, unpatched devices could allow Windows Update to follow symbolic links in a manner that enables local attackers to trick the system into accessing or modifying unintended files or folders. (bleepingcomputer.com)

Microsoft's Mitigation Strategy

To address this vulnerability, Microsoft implemented a security measure that involves the creation of the 'inetpub' folder. This folder acts as a protective mechanism, preventing the exploitation of the CVE-2025-21204 vulnerability. Microsoft has explicitly stated that this folder should not be deleted, regardless of whether IIS is active on the device. Removing the folder could expose the system to potential security risks. (bleepingcomputer.com)

Implications and Impact

The appearance of the 'inetpub' folder has led to confusion among users, with some mistakenly believing it to be a system error or unnecessary file. However, its presence is a deliberate and essential part of Windows 11's security architecture. Deleting or altering this folder can compromise the system's defenses against privilege escalation attacks.

Technical Details

The 'inetpub' folder is created with specific system-level permissions to ensure its integrity and prevent unauthorized modifications. It serves as a safeguard against symbolic link manipulation, a technique that could otherwise be exploited to gain elevated privileges or access restricted system areas. By maintaining this folder, Windows 11 enhances its resilience against such attacks. (bleepingcomputer.com)

Recommendations for Users

  • Do Not Delete the 'inetpub' Folder: This folder is integral to the security of your system. Deleting it removes the protection Microsoft put in place against CVE-2025-21204.
  • Restore the Folder if Deleted: If the 'inetpub' folder has been removed, it can be restored by enabling Internet Information Services (IIS) through the Windows Features control panel. This action will recreate the folder with the necessary security permissions. (bleepingcomputer.com)
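
To support the recommendations above, here is an added PowerShell check (not code from Microsoft or the cited article) that reports whether the folder exists, whether it is a real directory rather than a junction or symbolic link, and who owns it. The function name, the default path on the system drive, and the list of "broad" group SIDs are assumptions made for this example; the page does not state the exact permissions Microsoft applies.

```powershell
# Added example: read-only audit of the inetpub folder. It changes nothing on disk.
function Test-InetpubFolder {
    param(
        # Assumption: the folder sits at the root of the system drive.
        [string]$Path = (Join-Path $env:SystemDrive 'inetpub')
    )

    $result = [ordered]@{
        Path           = $Path
        Exists         = $false
        IsDirectory    = $false
        IsReparsePoint = $false   # true if the path is a junction or symbolic link
        LinkTarget     = $null
        Owner          = $null
        BroadWriteAces = @()
    }

    # -Force so hidden/system items are returned; a missing folder yields $null.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) { return [pscustomobject]$result }

    $result.Exists         = $true
    $result.IsDirectory    = $item.PSIsContainer
    $result.IsReparsePoint = [bool]($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint)
    if ($result.IsReparsePoint) {
        # A link here means the path is not the plain folder the update creates.
        $result.LinkTarget = $item.Target
        return [pscustomobject]$result
    }

    $acl = Get-Acl -LiteralPath $Path
    $result.Owner = $acl.Owner

    # Assumption: Everyone, Authenticated Users and BUILTIN\Users count as "broad".
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Ask for SIDs instead of names so the check works on any display language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    # ACEs expressed only with generic-rights bits are not decoded here.
    $result.BroadWriteAces = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadSids -contains $_.IdentityReference.Value -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    } | ForEach-Object { '{0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights })

    [pscustomobject]$result
}

Test-InetpubFolder | Format-List
```

A result with `Exists = False` or `IsReparsePoint = True` is the case the recommendations address; the owner and any listed entries are reported for review rather than judged, since the expected values are not given on this page.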

Conclusion

The creation of the 'inetpub' folder in Windows 11 is a deliberate security measure designed to protect users from CVE-2025-21204. Understanding its purpose and ensuring its presence is crucial for maintaining system security.