1 day Ago
Do not delete this Windows update folder, Microsoft warns. Windows users have a lot on their collective plate when it comes to matters of security, that’s for sure. There’s the zero-day vulnerability that wants to steal your Windows passwords , hackers bypassing Windows Defender security protections, and then there’s Microsoft’s own decisions to deal with.
The deletion of VPN provision Windows Defender users and, much more seriously, the deletion of security support for Windows 10 users. As an aside, you can still get Windows 11 for free , if you are quick. The latest and somewhat confusing situation of Microsoft’s making has come about as Windows users noticed a mysterious new folder after the most recent security update.
A folder with no explanation and one which, now, Microsoft has warned a billion Windows users they must not delete. As part of the April 8 Patch Tuesday security updates, Microsoft included a fix for CVE-2025-21204. This vulnerability in the critical Windows Update Stack, which is responsible for the management of Windows updates, no less, could lead to an attacker to elevate privileges locally.
Something that the experts at SecurityVulnerability.io described as posing “a significant risk to organizations, as the compromised systems could allow attackers to execute unauthorized actions, potentially undermining the integrity and security of sensitive information and system operations.” I won’t bore you with the technicalities of link resolution process manipulation that could enable hackers to access files and execute commands; just know it’s pretty darn serious.
Which is why Microsoft fixed it, and that’s a good thing. The way that Microsoft fixed it, however, is not so good. A lack of transparency is a particular bugbear of mine when it comes to anything security-related, and this vulnerability patch is no exception.
The problem is that Microsoft created a new and empty folder with the security update, the appearance of which led to a totally understandable debate in tech forums and on Reddit as well as other social media platforms. What was this “inetpub” folder, how did it get there, is it dangerous, is Microsoft using it to collect data, and should I delete it? According to a new Microsoft security advisory update, the answer to the last of these questions is a resounding no. Windows users must not delete the inetpub folder, Microsoft warned.
An April 10 update to Microsoft’s security advisory concerning CVE-2025-21204, entitled “ Windows Process Activation Elevation of Privilege Vulnerability ,”confirmed that “after installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%inetpub folder will be created on your device.” Microsoft Security Advisory Microsoft went on to say that the folder installation was “part of changes that increase protection” but failed to explain precisely how. What I do know is that the inetpub folder itself usually comes as part of the Internet Information Services web server platform, enabled using Windows Features, but this update has dropped it whether the user has IIS installed or not.
More transparency is required, methinks, although not at the expense of tipping off potential attackers as to how the mitigation works, of course. What I can say, however, is that as a security wonk, I strongly urge all Windows users to follow Microsoft’s advice: “This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device.”.
