When mysterious folders appear within your system directory, it's typically a warning sign that something might be afoot regarding your device's security.
So, when many Windows users stumbled upon a mysterious new "inetpub" folder on their computers (myself included), it's no wonder that eyebrows were raised.
The folder, which is the default directory of Microsoft's Internet Information Services (IIS), wasn't a documented change and was initially presumed to be a harmless artifact left behind by April's Windows 11 24H2 (KB5055523) update.
However, a recent security vulnerability update to the Microsoft Knowledge Base (as reported by Windows Latest) reveals that the folder serves a vital purpose in protecting users against a harmful exploit that could see attackers granted elevated local privileges.
Phew! Panic over, right? Well, as long as you're not one of the people who deleted the seemingly empty folder when it appeared last week (like me), yes.
Well, don't I feel silly now? Thankfully, there's an easy fix to restore the "inetpub" folder back to its duties, and it only takes a moment. Let's take a closer look at the exploit in question and how to make sure you're protected.
"Inetpub": Why you don't want to delete that mysterious Windows folder
According to the Microsoft Knowledge Base, April's KB5055523 security patch was, in part, attempting to solve a security vulnerability (CVE-2025-21204) relating to attackers gaining elevated local privileges.
In a nutshell, the exploit allowed somebody with limited access to your computer to trick the system into giving them advanced control through special shortcut-like files called symbolic links.
This exploit manipulates Windows Update's elevated privileges to follow a symbolic link without the usual protections, giving an attacker access to parts of a system they normally wouldn't be allowed to touch.
The patch borrows certain safeguards from Microsoft's IIS to prevent this kind of behaviour (known as "link following"), ensuring your system now checks where a symbolic link leads to before allowing processes like Windows Update to make changes — effectively cutting off would-be attackers at the knees.
What to do if you did delete Windows' "Inetpub" folder
If you already pulled the trigger on deleting the "inetpub" folder from your system drive, you might now be left with egg on your face. Don't worry, so was I. However, a fix is at hand, and it doesn't take long to perform.
The folder, and presumably the related security patch can be restored by activating Internet Information Services manually, before performing a system restart.
Here are the steps to make it happen:
- Open the Control Panel in Windows.
- Navigate to Programs, then to Programs and Features.
- Select Turn Windows features on or off.
- Check the box next to the Internet Information Services option.
- Click OK.
- Restart your device from the Start Menu.
Once your device is back up and running, check your system folder to ensure the "inetpub" folder has returned successfully. Following this, you should be protected from the CVE-2025-21204 security vulnerability as intended.
Make sure you then disable IIS following these steps, by repeating the process above, but unchecking the box next to Internet Information Services.
