With a recent security update, Microsoft created a folder called Inetpub. This folder is normally for the Microsoft Internet Information Services web server. I immediately thought this was a bad idea and I went about removing said folder on all of my office systems. Microsoft came out quickly and said please do not remove the folder, it’s part of our new security patch. I did it anyway… I knew it was a bad idea to leave that folder. Now a security researcher has proved exactly how bad of an idea this approach was. Here’s an excerpt from the article I found on this issue:
Earlier this month, users discovered a rather mysterious “inetpub” folder. They also noticed that nothing bad really happened if they deleted it, at least not apparently. However, when asked about it, Microsoft cautioned not to do so.
The company explained that the folder was automatically created as a byproduct of the recent symlink escalation of privilege flaw it patched with the April 2025 Patch Tuesday updates (Windows 11 / Windows 10). The security vulnerability is tracked under CVE-2025-21204.
Symlinks or symbolic links, also called soft links, are a type of link file that acts as pointers to other files or directories. Hence, a symlink carries a filesystem path to a corresponding target file or directory. However, they are also vulnerable to exploitation from threat actors as they do not require elevated privileges.
And, there is new trouble with this seemingly harmless new folder inetpub. While Microsoft rightly patched the issue, security researcher Kevin Beaumont discovered that the newly introduced inetpub folder can let non-administrators permanently block Windows updates by creating another new symlink.
If you know the history and operations of not only Windows but also IIS, you know this folder existing is not a good idea if it is not being actively used. If you have this folder on your system or aren’t sure if you do, contact us to have it evaluated and make sure it is safe to remove across your fleet.
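A starting point for that evaluation, as an added example that is not from this post or the quoted article: a PowerShell function that reports whether inetpub exists on a machine, whether it is a real directory or a link, where a link points, and who owns it. The function name `Get-InetpubState` is hypothetical, and the folder is assumed to sit at the root of the system drive.

```powershell
# Added example: report the state of the inetpub folder for review.
function Get-InetpubState {
    [CmdletBinding()]
    param(
        # Assumption: the folder sits at the root of the system drive.
        [string]$Path = (Join-Path $env:SystemDrive 'inetpub')
    )

    $state = [ordered]@{
        Computer = $env:COMPUTERNAME; Path = $Path; Exists = $false
        IsDirectory = $false; IsReparsePoint = $false; LinkType = $null
        Target = $null; Owner = $null; ChildCount = $null
        Finding = 'Folder not present'
    }

    # -Force returns hidden/system items; a missing path yields $null.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $state.Exists = $true
        $state.IsDirectory = [bool]$item.PSIsContainer
        # Symlinks and junctions both carry the ReparsePoint attribute.
        $state.IsReparsePoint =
            [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
        $state.LinkType = $item.LinkType
        $state.Target = ($item.Target -join ';')

        try { $state.Owner = (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner }
        catch { $state.Owner = "unreadable: $($_.Exception.Message)" }

        if ($state.IsReparsePoint) {
            # Do not enumerate through a link; report it for investigation.
            $state.Finding = 'inetpub is a link, not a real directory'
        }
        elseif (-not $state.IsDirectory) {
            $state.Finding = 'inetpub exists but is not a directory'
        }
        else {
            $state.ChildCount = @(Get-ChildItem -LiteralPath $Path -Force `
                -ErrorAction SilentlyContinue).Count
            $state.Finding = 'Real directory'
        }
    }
    [pscustomobject]$state
}

Get-InetpubState | Format-List
```

Run through your existing remote management tooling, the returned objects can be collected per machine and filtered on `IsReparsePoint` or `Finding`.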