Windows 11’s New ‘inetpub’ Folder Could Expose PCs to Security Risks

This folder allows non-admin users to block future updates and leave systems exposed.

Rabia Noureen, News Editor



Key Takeaways:

  • The “inetpub” folder began appearing on Windows PCs after the April 2025 Patch Tuesday update.
  • The folder introduces a new vulnerability allowing non-admin users to block security updates.
  • This bug could leave affected systems exposed to unpatched threats.

Earlier this month, a mysterious folder called “inetpub” started appearing on various Windows PCs that installed the April 2025 Patch Tuesday updates. Microsoft later explained that this new folder was created to patch a bug that could leave users’ PCs vulnerable to cyberattacks.

What is the “inetpub” folder, and why did it appear?

The inetpub folder in Windows is a directory used by Internet Information Services (IIS). It holds essential IIS components such as server logs, website files, scripts, and temporary files. The folder matters for managing and hosting web applications on a Windows server because it provides a centralized location for all web-related content and configurations.

Microsoft introduced the “inetpub” folder to fix the CVE-2025-21204 security flaw, which could allow attackers to access and modify certain files and folders. At the time, Microsoft advised users not to remove the folder from their Windows PCs.

“This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users,” Microsoft explained.

How can the “inetpub” exploit block Windows security updates?

According to security researcher Kevin Beaumont, the “inetpub” folder has introduced a new vulnerability on Windows 11 and 10 devices. This flaw allows non-admin users to block all future security updates by creating a junction point in the C: directory and running a command in the Command Prompt. A junction point in Windows is a link that redirects one directory to another, which makes it appear as though the contents of the target directory are located in the junction point directory.

Error messages (Image Credit: Kevin Beaumont)

The junction point prevents the creation of the actual “inetpub” folder and blocks future security updates. This means that affected Windows PCs remain vulnerable to issues that have already been fixed.

Beaumont noted that this issue could lead to repeated error messages and attempts to roll back security updates. Hackers can exploit this flaw without needing elevated privileges on Windows PCs. Beaumont has informed Microsoft about the security vulnerability, but Microsoft has yet to respond.
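An administrator can check whether the inetpub path on a machine is a real folder or has been replaced by a junction or other link, which is the condition described above. The following PowerShell is an added example, not code from Microsoft or Kevin Beaumont; the function name Get-InetpubState is hypothetical and the default path (the system drive's inetpub folder) is an assumption.

```powershell
# Added example (not from the article): classify the inetpub path.
function Get-InetpubState {
    param(
        # Assumed location: <system drive>\inetpub, normally C:\inetpub.
        [string]$Path = (Join-Path $env:SystemDrive 'inetpub')
    )

    $result = [ordered]@{
        Path = $Path; State = 'Missing'; Target = $null
        Owner = $null; NeedsReview = $false
    }

    # -Force returns hidden/system items; a missing path yields $null.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $isReparse = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
        if ($isReparse) {
            # LinkType is 'Junction' or 'SymbolicLink' for the common cases.
            $result.State = if ($item.LinkType) { $item.LinkType } else { 'ReparsePoint' }
            $result.Target = @($item.Target) -join '; '
            $result.NeedsReview = $true   # redirected path, not a real folder
        }
        elseif ($item.PSIsContainer) {
            $result.State = 'Directory'
            # Owner is reported for review; no expected value is assumed here.
            $result.Owner = (Get-Acl -LiteralPath $Path).Owner
        }
        else {
            $result.State = 'File'
            $result.NeedsReview = $true   # a file occupies the folder's name
        }
    }
    [pscustomobject]$result
}

Get-InetpubState | Format-List
```

A State of Junction or SymbolicLink, together with the reported Target, is the case to investigate before the next update cycle.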