Microsoft has clarified the purpose behind the creation of the “inetpub” folder in recent Windows updates, addressing user confusion and concerns about the folder’s sudden appearance.
Initially, the folder was believed to be an error linked to the Windows 11 KB5055523 update and similar updates for Windows 10. After the April 2025 updates, users noticed a new “inetpub” folder on their systems, raising questions about its purpose and significance.
The “inetpub” folder is commonly used by Internet Information Services (IIS), a web server platform that supports hosting websites and applications on Windows systems. Typically, when IIS is enabled, it generates this directory to store logs at C:inetpublogsLogFiles. Users reported the appearance of this folder on their systems even without IIS being enabled after the updates were installed.
This change is tied to a security patch addressing the CVE-2025-21204 vulnerability. This flaw in the Windows Update Stack could permit attackers to modify system files or folders due to improper link resolution, known as a ‘link following’ issue. On unpatched systems, this could enable local attackers to manipulate symbolic links, causing the system to access or modify unintended files or folders.
Microsoft’s initial advisory did not make clear how the inetpub folder’s creation related to enhancing security against this specific vulnerability. However, the company has since updated its support documentation to clarify that the inetpub folder’s presence following the April 2025 updates is part of enhanced security measures.
“After installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%inetpub folder will be created on your device,” the revised guidance noted. Microsoft advises against deleting this folder irrespective of whether IIS is active, as it contributes to system protection and does not necessitate further actions from users or IT administrators.
Users who deleted the inetpub folder thinking it was an error can restore it by enabling IIS through Control Panel options. The steps include navigating to Control Panel > Programs > Programs and Features, selecting “Turn Windows features on or off” from the left-hand menu, locating and checking “Internet Information Services” in the dialog box, and clicking OK. This procedure will recreate the inetpub folder without requiring additional changes once IIS is activated.
IIS is not only utilised by developers but also by organisations relying on Microsoft’s web server technology for securely hosting both internal and external applications. The creation of this folder ensures that Windows systems are ready for potential IIS service requirements while maintaining security against known vulnerabilities.
In a related development, Microsoft recently admitted that a Windows update accidentally removed the Copilot app from some Windows 11 devices. This issue occurred following the March 11 Patch Tuesday update, leading to the AI-powered assistant being uninstalled and unpinned from the taskbar. The problem is related to the KB5053598 (Windows 24H2) and KB5053606 (Windows 10 22H2) cumulative updates, which were part of that month’s security patches.
