Canny Windows users who’ve spotted a mysterious folder on hard drives after applying last week’s security patches for the operating system can rest assured – it’s perfectly benign. In fact, it’s recommended you leave the directory there.
The folder, typically
C:\inetpub, is empty and related to Microsoft’s Internet Information Services (IIS). It will be created when you install the security patches whether or not you’re using that optional web server. The purpose of the folder is to mitigate an exploitable elevation-of-privileges flaw within Windows Process Activation, classified as CVE-2025-21204.That CVE, which can give malware on a system or a rogue user system-level file-management privileges, was fixed in the April Patch Tuesday batch from the Windows maker; installing the fix on Windows 11 and 10 will create the directory as additional protection, we’re told.
“After installing the updates listed in the security updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device,” advised Microsoft.
“This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users.”
[…]
If you have deleted it after applying the patch, there’s a fix. Go to the Windows Control Panel and open Programs and Features. On the left you’ll see “Turn Windows features on or off.” Scroll down until you find IIS and hit “OK” after highlighting it. The folder will be recreated with the correct SYSTEM-level permissions. You can then switch off IIS and restart. (No one uses IIS these days.)
Or create the folder by hand with read-only access and SYSTEM-level ownership
Source: Don’t delete inetpub folder. It’s a Windows security fix • The Register
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft