Canny Windows users who’ve spotted a mysterious folder on hard drives after applying last week’s security patches for the operating system can rest assured – it’s perfectly benign. In fact, it’s recommended you leave the directory there.

The folder, typically C:\inetpub, is empty and related to Microsoft’s Internet Information Services (IIS). It will be created when you install the security patches whether or not you’re using that optional web server. The purpose of the folder is to mitigate an exploitable elevation-of-privileges flaw within Windows Process Activation, classified as CVE-2025-21204.

That CVE, which can give malware on a system or a rogue user system-level file-management privileges, was fixed in the April Patch Tuesday batch from the Windows maker; installing the fix on Windows 11 and 10 will create the directory as additional protection, we’re told.

“After installing the updates listed in the security updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device,” advised Microsoft.

“This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users.”

[…]

If you have deleted it after applying the patch, there’s a fix. Go to the Windows Control Panel and open Programs and Features. On the left you’ll see “Turn Windows features on or off.” Scroll down until you find IIS and hit “OK” after highlighting it. The folder will be recreated with the correct SYSTEM-level permissions. You can then switch off IIS and restart. (No one uses IIS these days.)

Or create the folder by hand with read-only access and SYSTEM-level ownership

Source: Don’t delete inetpub folder. It’s a Windows security fix • The Register

Remember Recall? It’s been close to full trip around the sun since Microsoft announced then suddenly pulled its AI-powered, auto-screenshotting “photographic memory” software for Copilot+ PCs. Whether you want it or not, the feature is coming back, and you should be prepared for it not just if you’re planning to use it, but if you imagine any of your friends, family, or coworkers plan to use it too.

Microsoft’s latest blog about the Windows Insider build KB5055627 includes the note that Recall is rolling out “gradually” to beta users over the coming weeks. Like what Microsoft first showed off in May 2024, Recall automatically screenshots most apps, webpages, or documents you’re on. The system catalogues all these screenshots then uses on-device AI to parse what’s on each screenshot

[…]

Microsoft originally recalled Recall  when security experts found glaring, obvious holes in the software that let any user with access to the PC read the AI’s excerpts. The program had no qualms about screenshotting bank accounts, social security numbers, or any other sensitive information. Microsoft returned Recall to the drawing board, and now users need to enroll in Windows Hello biometric or PIN security to access the screenshots. Users can also pause screenshots or filter out certain apps or specific webpages (though only for Edge, Firefox, Opera, and Chrome browsers). That may not be foolproof, as reports from late last year showed Recall failed to detect when it was looking at bank info. It will be up to users to ensure every sensitive page they visit is on the no-go list.

Users will choose whether to enable or disable Recall the first time they startup their device with the new update. To disable it, you need to search “Turn Windows features on or off” in the Windows 11 taskbar, then uncheck Recall.

[…]

This is where some security-focused Windows users are especially concerned. You can tell Recall to gather dust alongside all the other pre-installed Windows apps, but that doesn’t mean your less-tech literate family member will. Security blogger Em pointed out in a Mastodon post (via Ars Technica) if you send that family member any photos or sensitive information, they could be scraping everything you text or email them, including family photos or passwords, and you wouldn’t even know it.

[…]

Source: Windows’ Controversial Recall Is Back—Here’s How to Control It

A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment – and, to be fair, it doesn’t take much craft to pull that off.

The spoofing flaw, tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior to 2.2450.6, and stems from a bug in how the app handles file attachments.

Specifically, WhatsApp displays attachments based on their MIME type – the metadata meant to indicate what kind of file it is – but when a user opens the file, the app hands it off based on its filename extension instead. That means something disguised as a harmless image with the right MIME type but ending in .exe could be executed as a program – if the user clicks it.

“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” WhatsApp’s parent company Meta explained in its security advisory.

[…]

Make sure you’re running a version of WhatsApp for Windows higher than 2.2450.6 to be safe.

[…]

Source: Don’t open that file in WhatsApp for Windows just yet • The Register

Boeing issued a software safety patch for the VHF radio systems used on its 787 aircraft, and the update turned out to be ineffective, Qatar Airways has complained.

In February, the US Department of Transportation issued an advisory [PDF] about a problem with the aircraft’s electronics that was causing VHF radio traffic to unexpectedly switch between active and standby mode. In practice, this means pilots constantly have to check their radio settings to make sure all messages from air traffic control are received, and multiple cases of this unwanted switching have been reported.

“The FAA has received reports indicating that VHF radio frequencies transfer between the active and standby windows of the TCP [tuning control panel] without flightcrew input,” the dept said.

“The flightcrew may not be aware of uncommanded frequency changes and could fail to receive air traffic control communications. This condition, if not addressed, could result in missed communications such as amended clearances and critical instructions for changes to flight path and consequent loss of safe separation between aircraft, collision, or runway incursion.”

Boeing issued a free software fix to stop the mode changes and, according to Uncle Sam, the update will take 90 minutes to install with an estimated labor cost of $127.50 per aircraft, with 157 US airplanes reportedly vulnerable. The problem affects 787-8, 787-9, and 787-10 aircraft.

The unsafe condition still exists on airplanes

America’s aviation watchdog the FAA has asked for feedback from airlines by April 14 on the situation, and Qatar Airways isn’t waiting that long. It has already warned the patch isn’t working as it should: The radios still change mode without warning.

“Qatar Airways flight crew are still reporting similar issues from post-mod airplanes. [Qatar Airways] already reported the events to Boeing/Collins aerospace for further investigation and root cause determination,” the airline said.

“As of now, Qatar believes that the issue is not completely addressed, and the unsafe condition still exists on airplanes.”

Neither Qatar, Boeing, or the FAA representative were available for comment on the issue. Collins is a software provider for Boeing.

Source: Boeing 787 radio software patch didn’t work, says Qatar • The Register