Microsoft has issued a notification to Windows 11 users regarding the “inetpub” folder, which started appearing after the April 2025 update. This folder was initially thought to be an error associated with the Windows 11 KB5055523 update and other similar updates, including those for Windows 10. Upon further clarification, Microsoft confirmed that the creation of this folder is deliberate, although it was not initially documented. This oversight led to misunderstandings among users, as reported by Windows Latest.
Purpose and role of the “inetpub” folder
The “inetpub” folder is commonly used by Internet Information Services (IIS), which is a web server platform that supports hosting websites and applications on Windows systems. Typically, when IIS is enabled, it generates this directory to store logs at C:\inetpub\logs\LogFiles. Users reported the appearance of this folder on their systems even without IIS being enabled after the updates were installed, raising questions about its purpose.
This change is tied to a security patch addressing the CVE-2025-21204 vulnerability. This flaw in the Windows Update Stack could permit attackers to modify system files or folders due to improper link resolution, known as a ‘link following’ issue. On unpatched systems, this could enable local attackers to manipulate symbolic links, causing the system to access or modify unintended files or folders. Microsoft’s initial advisory did not make clear how the inetpub folder’s creation related to enhancing security against this specific vulnerability.
In response to user inquiries and confusion, Microsoft updated its support documentation to clarify that the inetpub folder’s presence following the April 2025 updates is part of enhanced security measures. “After installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device,” the revised guidance noted. Microsoft advises against deleting this folder irrespective of whether IIS is active, as it contributes to system protection and does not necessitate further actions from users or IT administrators.
Users who deleted the inetpub folder thinking it was an error can restore it by enabling IIS through Control Panel options. The steps include navigating to Control Panel > Programs > Programs and Features, selecting “Turn Windows features on or off” from the left-hand menu, locating and checking “Internet Information Services” in the dialog box, and clicking OK. This procedure will recreate the inetpub folder without requiring additional changes once IIS is activated.
IIS is not only utilised by developers but also by organisations relying on Microsoft’s web server technology for securely hosting both internal and external applications. The creation of this folder ensures that Windows systems are ready for potential IIS service requirements while maintaining security against known vulnerabilities.
Last month, Microsoft admitted that a Windows update accidentally removed the Copilot app from some Windows 11 devices. This issue occurred following the March 11 Patch Tuesday update, leading to the AI-powered assistant being uninstalled and unpinned from the taskbar. The problem is related to the KB5053598 (Windows 24H2) and KB5053606 (Windows 10 22H2) cumulative updates, which were part of that month’s security patches.
Read more: Microsoft update unintentionally removes Copilot from Windows 11 devices
