No, it’s not OK to delete that new inetpub folder
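Microsoft released a security patch for CVE-2025-21204 that creates a new inetpub folder on the device to strengthen protection. The folder is there to prevent attackers from exploiting the vulnerability to elevate privileges or manipulate file management operations. Although it is associated with IIS, users do not need to delete or otherwise act on this folder. 2025-4-14 14:25:7 Author: www.malwarebytes.com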


In a new update to its guidance on CVE-2025-21204, Microsoft told users they need the new inetpub folder for protection.

As part of April’s Patch Tuesday updates, Microsoft released a patch for a link following flaw in the Windows Update Stack. Applying the patch creates a new %systemdrive%\inetpub folder on the device.

Users who noticed the new folder asked questions because they were concerned about its origin and purpose. Since the empty folder is generally associated with an Internet Information Services (IIS) feature that most users will not be running, this called for an explanation.

Internet Information Services (IIS) is a web server platform created by Microsoft to host websites, web applications, and services on Windows systems. The platform is not installed by default but can be enabled through the Windows Features dialog.

Microsoft states in the update:

“This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users.”

CVE-2025-21204, when successfully exploited, allows an authorized attacker to elevate privileges locally.

Per Microsoft:

“An authenticated attacker who successfully exploits this vulnerability gains the ability to perform and/or manipulate file management operations on the victim machine in the context of the NT AUTHORITY\SYSTEM account.”

The “link following flaw” means that the product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

As a resolution, denying access to a file can prevent an attacker from replacing that file with a link to a malicious file. Denying access can be done by assigning file/folder permissions. When you set permissions while creating a folder, you specify what users are allowed to do within that folder, such as limiting them to “Read-only” access, which allows the user to open and read files within the folder but not to add files or edit existing ones.

Read-only inetpub folder
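
A read-only check of the folder described above, as an added PowerShell example (not code from Microsoft or from the original article): it reports whether %systemdrive%\inetpub exists, whether it is a plain directory rather than a junction or symbolic link, and which principals outside a privileged set hold write-type rights on it. The function name Test-InetpubFolder and the choice of SYSTEM, Administrators and TrustedInstaller as the privileged set are assumptions of this example.

```powershell
function Test-InetpubFolder {
    param(
        # Default follows the article: %systemdrive%\inetpub.
        [string]$Path = (Join-Path $env:SystemDrive 'inetpub')
    )
    # Assumption of this example: these well-known SIDs are the privileged set
    # (SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller).
    $privileged = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # Bits that allow adding, changing or deleting content, or re-permissioning.
    $writeMask = [int][Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

    $report = [ordered]@{
        Path = $Path; Exists = $false; IsReparsePoint = $false
        LinkTarget = $null; Owner = $null; UnexpectedWriters = @()
    }
    # -Force so hidden or system attributes do not hide the folder.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) { return [pscustomobject]$report }
    $report.Exists = $true

    # A junction or symbolic link carries the ReparsePoint attribute. This
    # example assumes the folder should be an ordinary directory, not a link.
    if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
        $report.IsReparsePoint = $true
        $report.LinkTarget = $item.Target
    }

    $acl = Get-Acl -LiteralPath $Path
    $report.Owner = $acl.Owner
    # Ask for SIDs so the comparison also works on localized Windows installs.
    $rules = $acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])
    $report.UnexpectedWriters = @(
        $rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0 -and
            $privileged -notcontains $_.IdentityReference.Value
        } | ForEach-Object { '{0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights }
    )
    [pscustomobject]$report
}

# Reports only; nothing on disk is changed.
Test-InetpubFolder | Format-List
```

A result with Exists set to False, or IsReparsePoint set to True, is the condition worth investigating; entries under UnexpectedWriters are listed for review and are not a verdict on their own.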

Short answer: the inetpub folder is there to protect you from an attacker exploiting a vulnerability, and it’s hardly taking up any space, so best leave it alone.




Source: https://www.malwarebytes.com/blog/news/2025/04/no-its-not-ok-to-delete-that-new-inetpub-folder