Posted on 04/12/2025 2:05:24 PM PDT by Openurmind
Microsoft released security updates for Windows 11 and other company products earlier this week. If you have installed the security update on a Windows 11 PC, you may have noticed something peculiar after the mandatory restart.
After opening the root of drive C in File Explorer, you may have stumbled upon the inetpub folder, a newly created folder. The creation date and time of the folder aligns with the installation of the update. When you open it, you will notice that it is empty.
Update: Microsoft says here that the folder is created intentionally and that it should not be deleted. Reason: "This behavior is part of changes that increase protection and does not require any action from IT admins and end users".
Microsoft made no mention of the folder in the changelog, and it may not be clear immediately why the folder was created.
Snip-
In any event, the inetpub folder is not protected. You can remove it by right-clicking on it and selecting delete, or by selecting the folder and tapping on the delete key on the keyboard. Note that Microsoft advises against this.
Considering that the cause of the creation of the folder is unclear at this point, it is possible that it may reappear at a later point in time, for instance after installation of the next security update for Windows 11.
Microsoft’s “explanation” is no explanation at all. Question: How does the presence of an empty directory “increase protection”? Answer: It doesn’t.
Bottom line is, not even Microsoft can tell us why C:\inetpub was added to computers. All they’ve done is to admit they put it there.
(Excerpt) Read more at ghacks.net ...
That is the same name as the old Microsoft IIS web server’s location.
Microsoft is making our computers become web servers?
GREEK to me - I don’t know what any of this means and probably don’t want to...only know I DO NOT WANT 11!!!
That is exactly what a commenter at the source asked...
“The file is apparently used by Internet Information Services with some users having the folder installed and in use on their computers since 2018. The unusual thing about the current installation via the security update is that it’s now being installed on computers where IIS is either not installed or disabled.”
And another one:
“Didn’t we hear them remaking Recall into CoPilot Vision? Maybe making the desktop computer an internet host will make it easier for Microsoft to spy on you with Recall.”
My first thought as well.
Maybe Microsoft wants to run their own botnet.
They always told me don’t download nothing’ from the wild.
Problem is, this is included in an official Microsoft update.
Yup, got it in my latest update in Win10.
the next question is if that folder returns after the next start up or so?
noticed locally — no big deal — likely installer snafu
 |  |
|---|
Microsoft probably has its own superuser type access that allows visibility of whatever files are in there. Probably pictures of you naked.
“the next question is if that folder returns after the next start up or so?”
Yep, that is one of the questions being asked. If it does then they absolutely have plans for it.
“Microsoft probably has its own superuser type access that allows visibility of whatever files are in there.”
This has already been a fact for decades now.
Interesting.
https://www.acunetix.com/blog/articles/iis-security-best-practices/
Hadn’t delved into that prior. Hmmm...
Microslop has gotten sloppier every day now that it has become an Indian company. They constantly break their own products.
Try dragging a file to a taskbar app, doesn’t work any more.
Many, many things throughout their product suits are breaking.
Same here with Win10Pro. Folder is dated for April 9, 2025.
I can't make the transition fast enough to Linux, at least for my browsing activities, so that I can take my Win10Pro PC offline.
in my case, it didn’t return after deleting & rebooting
Thank you for sharing that...
1. Move the Inetpub Folder to a Different Drive
The Inetpub folder is the default location for your web content, IIS logs, and so on. By default, IIS 7 and newer versions install the Inetpub folder in the system drive. It’s good practice to move the Inetpub folder to a different partition of the file system so that the web content is separate from the operating system.
This folder can be moved after IIS installation is completed. Thomas Deml, IIS Lead Program Manager provided this batch file to help with the move.
3. Disable the OPTIONS Method
The OPTIONS method provides a list of methods that are supported by the web server. Although this might seem beneficial, it also provides useful information to the attacker at the reconnaissance stage. Therefore, we recommend that you disable the OPTIONS method completely. This can be done by denying the OPTIONS verb in HTTP verb request filtering rules in IIS.
4. Enable Dynamic IP Address Restrictions
The Dynamic IP Restrictions module helps to block access to IP addresses that exceed a specified number of requests and thus helps prevent denial-of-service (DoS) attacks. This module will inspect the IP address of each request sent to the web server and will filter these requests in order to temporarily deny IP addresses that follow a particular attack pattern.
The Dynamic IP Restrictions module can be configured to block IP addresses after a number of concurrent requests or to block IP addresses that perform a number of requests over a period of time. Depending on your IIS version you will need to enable either the IP Security feature or the IP and Domain Restrictions as explained in this Microsoft article.
5. Enable and Configure Request Filtering Rules
It is also a good idea to restrict the types of HTTP requests that are processed by IIS. Setting up exclusions and rules can prevent potentially harmful requests from passing through to the server since IIS can block these requests on the basis of the request filtering rules defined.
6. Enable Logging
After you configure IIS logging, you will be able to log various information from HTTP requests received by the server. This will come in handy and can give a better understanding of issues that might have occurred on your website when things go wrong. It’s the place where you will start the troubleshooting process in such situations.
7. Use the Security Configuration Wizard (SCW) and the Security Compliance Manager (SCM)
Both of these Microsoft tools can be used to test your IIS security. The Security Configuration Wizard (SCW) runs different checks and provides advice and recommendations on how to boost your server security. The Security Compliance Manager (SCM) tool performs security tests on your server and compares server configurations to predefined templates as per industry best practices and security guide recommendations. (Still trusting MS)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.