It came like a thief in the night, springing up in the system drives of Windows 11 users worldwide without warning or explanation. But now, Microsoft's mysterious "inetpub" folder risks veering from fix to flaw as its vulnerabilities are exposed.
The folder's sudden appearance caused a stir online as users noticed it for the first time. Thankfully, the curiously empty directory was traced to April's Windows 11 24H2 (KB5055523) update — and was believed by many to be little more than a harmless artifact left behind that could be safely removed.
However, it was anything but. Microsoft quickly followed up on suggestions that the folder could be deleted with a clear warning not to. Proving that appearances can be deceiving, the seemingly inert "inetpub" folder was actually intentionally positioned by Microsoft to tackle a Windows Update security vulnerability (CVE-2025-21204).
With the secret of Windows 11's mystery "inetpub" folder revealed, Windows users believed there was nothing left to worry about. Turns out, they were wrong.
Windows 11's "inetpub" folder: From mystery to menace?
In a recent blog post, cybersecurity expert (and self-confessed porg lover) Kevin Beaumont exposed how Microsoft's efforts to patch one Windows 11 exploit may have created another — potentially leaving millions of machines open to new attacks.
Microsoft's original patch was designed to block an exploit where limited-access users could use "symbolic links" to gain advanced control of a machine by piggybacking on Windows Update's elevated permissions.
Symbolic links redirect processes from one location to another, similar to how desktop shortcuts redirect to files in other directories. Windows 11's April security patch borrowed certain safeguards from Microsoft's Internet Information Services (which uses inetpub as its default directory) to block this behaviour (known as "link following").
Ironically, the patch designed to prevent link following exploits is also vulnerable to it, as Beaumont reveals that a simple junction script run through the Command Prompt, pointing C:\inetpub to notepad.exe, can reportedly introduce a new denial of service vulnerability that prevents Windows updates, leaving systems wide open to future threats.
The initial exploit Microsoft hoped to solve was primarily a local issue. However, Beaumont's research suggests that this type of meddling with the inetpub folder could leave users vulnerable to attackers from external sources if exploited.
What's next
Beaumont reportedly informed Microsoft of the issue two weeks prior to publishing his findings, and has yet to hear back from the company.
However, this kind of silent response isn't abnormal for Microsoft. Following reports of its AI chatbot Copilot handing out PowerShell scripts to illegally authenticate copies of Windows 11, Microsoft similarly played its cards close to its chest, quietly patching out the issue at a later date.
In the meantime, there's no official guidance for mitigating any risk other than to remain vigilant. Ensure your computer is up to date at all times, avoid downloading sketchy software, and don't presume that deleting the inetpub folder will solve these issues, as it may cause complications with future updates.
For now, the new mystery surrounding Windows 11's "inetpub" folder is how Microsoft plans to secure it from similar meddling in the future.
More from Laptop Mag
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
