Users of Windows 10 and 11 noticed a new inetpub folder after the April Patch Tuesday updates, which Microsoft clarified is part of a security fix rather than related to its IIS component. This folder addresses the CVE-2025-21204 security vulnerability involving improper handling of symbolic links, potentially leaving systems open to attack. Microsoft emphasized the importance of retaining this folder, as its absence could undermine the intended security updates, leading to confusion and unnecessary deletion among users.
"After installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device. This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device."
"The new folder is needed, though not for IIS. Instead, it is part of a security fix designed to squash a bug that could leave your PC vulnerable to attack."
Collection
[
|
...
]