2025-04-15 12:35:20 by Forbes

Do not delete this Windows update folder, Microsoft warns.NurPhoto via Getty ImagesUpdate, April 15, 2025: This story, originally published April 13, has now been updated with detailed instructions on how to restore the controversial Windows “inetpub” folder if it had already been deleted before the Microsoft warning was issued. Windows users have a lot on their collective plate when it comes to matters of security, that’s for sure. There’s the zero-day vulnerability that wants to steal your Windows passwords, hackers bypassing Windows Defender security protections, and then there’s Microsoft’s own decisions to deal with. The deletion of VPN provision Windows Defender users and, much more seriously, the deletion of security support for Windows 10 users. As an aside, you can still get Windows 11 for free, if you are quick. The latest and somewhat confusing situation of Microsoft’s making has come about as Windows users noticed a mysterious new folder after the most recent security update. A folder with no explanation and one which, now, Microsoft has warned a billion Windows users they must not delete. ForbesGoodbye Windows Hello — Microsoft Update Kills Biometric LoginBy Davey Winder Do Not Delete This Mysterious New Windows Folder As part of the April 8 Patch Tuesday security updates, Microsoft included a fix for CVE-2025-21204. This vulnerability in the critical Windows Update Stack, which is responsible for the management of Windows updates, no less, could lead to an attacker to elevate privileges locally. Something that the experts at SecurityVulnerability.io described as posing “a significant risk to organizations, as the compromised systems could allow attackers to execute unauthorized actions, potentially undermining the integrity and security of sensitive information and system operations.” I won’t bore you with the technicalities of link resolution process manipulation that could enable hackers to access files and execute commands; just know it’s pretty darn serious. “The ability to conduct unauthorized actions can severely impact the integrity of the affected systems," SecuerityVulnerability.io continued, "resulting in potential disruptions of operations, implementation of malicious software, or further vulnerabilities being introduced into the network.” Which is why Microsoft fixed it, and that’s a good thing. The way that Microsoft fixed it, however, is not so good. A lack of transparency is a particular bugbear of mine when it comes to anything security-related, and this vulnerability patch is no exception. The problem is that Microsoft created a new and empty folder with the security update, the appearance of which led to a totally understandable debate in tech forums and on Reddit as well as other social media platforms. What was this “inetpub” folder, how did it get there, is it dangerous, is Microsoft using it to collect data, and should I delete it? According to a new Microsoft security advisory update, the answer to the last of these questions is a resounding no. Windows users must not delete the inetpub folder, Microsoft warned. Doing so would remove the vital security protections that it provides, and the reason for it being created any this update in the first place.ForbesNo Reboot Updates Come To Windows 11 — But There’s A CatchBy Davey Winder Microsoft Confirms Reason For New Windows Folder An April 10 update to Microsoft’s security advisory concerning CVE-2025-21204, entitled “Windows Process Activation Elevation of Privilege Vulnerability,”confirmed that “after installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device.” Microsoft Security AdvisoryMicrosoftMicrosoft went on to say that the folder installation was “part of changes that increase protection” but failed to explain precisely how. What I do know is that the inetpub folder itself usually comes as part of the Internet Information Services web server platform, enabled using Windows Features, but this update has dropped it whether the user has IIS installed or not. More transparency is required, methinks, although not at the expense of tipping off potential attackers as to how the mitigation works, of course. I contacted Microsoft for a statement, but a spokesperson informed me that there was nothing else to add, other than the information contained within the security advisory, at this time. What I can say, however, is that as a security wonk, I strongly urge all Windows users to follow Microsoft’s advice: “This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device.”ForbesGmail And Microsoft 2FA Security Bypass — Take Action Now, Users ToldBy Davey WinderHow To Restore The Vital Windows Folder If You’ve Already Deleted It All of which is OK, but what if you have already deleted the inetpub folder from your Windows installation? I mean, given the nature of the update and the social media conspiracy theories, I wouldn’t be surprised if that were, indeed, the case for many users. I have already had a number of readers contact me to say they did just that and ask what they should do now. The answer is simple: restore it. The methodology required to do that is, thankfully, also pretty simple as long as you complete the six steps as follows: Head for the Windows Control Panel. Click on Programs. In the Progams and Features section, choose the Turn Windows features on and off option. Scroll down through the Windows Features box that appears. Tick the checkbox for Internet Information Services. Click OK. Windows will then whirr and grind its cogs until the inetpub folder has been restored once more, and you can check your system drive to ensure that it is. By enabling IIS in this way the same folder is recreated as if Microsoft had dropped it there in a security update, and it will provide the same protections from Windows threats as well. ForbesWindows Users Given 24-Hour Warning As Attackers StrikeBy Davey Winder