Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Windows 11 update creates mysterious inetpub folder
Ghacks Net ^ | Apr 10, 2025 | Martin Brinkmann

Posted on 04/12/2025 2:05:24 PM PDT by Openurmind

Microsoft released security updates for Windows 11 and other company products earlier this week. If you have installed the security update on a Windows 11 PC, you may have noticed something peculiar after the mandatory restart.

After opening the root of drive C in File Explorer, you may have stumbled upon the inetpub folder, a newly created folder. The creation date and time of the folder aligns with the installation of the update. When you open it, you will notice that it is empty.

Update: Microsoft says here that the folder is created intentionally and that it should not be deleted. Reason: "This behavior is part of changes that increase protection and does not require any action from IT admins and end users".

Microsoft made no mention of the folder in the changelog, and it may not be clear immediately why the folder was created.

Snip-

In any event, the inetpub folder is not protected. You can remove it by right-clicking on it and selecting delete, or by selecting the folder and tapping on the delete key on the keyboard. Note that Microsoft advises against this.

Considering that the cause of the creation of the folder is unclear at this point, it is possible that it may reappear at a later point in time, for instance after installation of the next security update for Windows 11.

Microsoft’s “explanation” is no explanation at all. Question: How does the presence of an empty directory “increase protection”? Answer: It doesn’t.

Bottom line is, not even Microsoft can tell us why C:\inetpub was added to computers. All they’ve done is to admit they put it there.

(Excerpt) Read more at ghacks.net ...


TOPICS: Computers/Internet
KEYWORDS: microsoft; publicinterest; securityupdate; updates; windows; windows11; windowspinglist
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-68 next last
To: Gene Eric

“in my case, it didn’t return after deleting & rebooting.”

It probably won’t until the next official update release.


21 posted on 04/12/2025 2:36:59 PM PDT by Openurmind
[ Post Reply | Private Reply | To 19 | View Replies]

To: Openurmind

Wait: Check the date.

That was about IIS dated 2014.

Give the security hacks some time to chew on this; we’ll know soon enough if it’s a problem and/or what to do about it. Right now, there’s nothing but BS blather about it. Link was posted for relevancy to the other comment.

Ironically, I first noticed the folder Friday.


22 posted on 04/12/2025 2:39:01 PM PDT by logi_cal869 (-cynicus the "concern troll" a/o 10/03/2018 /!i!! &@$%&*(@ -)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Openurmind

MSFT bump


23 posted on 04/12/2025 2:40:14 PM PDT by thinden (Buckle up …..)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Openurmind

For later…


24 posted on 04/12/2025 2:47:24 PM PDT by sjm_888
[ Post Reply | Private Reply | To 1 | View Replies]

To: Openurmind

In my Win10 Home, says it was created 11/08/20, has 2 sub-folders History and Temp, try opening the History folder, get an error, requires Admin privilege I guess.


25 posted on 04/12/2025 2:48:07 PM PDT by RckyRaCoCo (Time to throw them out of the Temple...again)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Gene Eric

Once upon a time I had a forum running 5 to 10K posts a day and was quite familiar with the inetpub folder!! Held my local host Access DB for editing code. memories... 1999

https://web.archive.org/web/19991113030453/http://www.sit-rep.com/

Unless you see out bound data icon blinking or something is added to that folder, I dont think its anything to worry about...

Ha!! Just seen my first FLASH 1.0 Gif is still working lol...

https://web.archive.org/web/20000305050046/http://www.sit-rep.com/index.html


26 posted on 04/12/2025 2:49:39 PM PDT by sit-rep
[ Post Reply | Private Reply | To 19 | View Replies]

To: Openurmind

Were there any versions of Windows that wasn’t hacked?


27 posted on 04/12/2025 2:56:11 PM PDT by antidemoncrat ( )
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Thank you. I was getting ready to ping you and you beat me to it. :)


28 posted on 04/12/2025 2:57:05 PM PDT by Openurmind
[ Post Reply | Private Reply | To 12 | View Replies]

To: antidemoncrat

“Were there any versions of Windows that wasn’t hacked?”

Speaking of that, new from just a few days ago, surprised I haven’t seen this here already:

“Windows under attack: 0-day vulnerability used by ransomware group”

Microsoft released security updates for Windows yesterday and revealed today that the updates include a patch for a 0-day issue that is exploited in the wild.

The vulnerability — Windows Common Log File System Driver Elevation of Privilege Vulnerability — is tracked as CVE-2025-29824.

Important information:

The issue affects most supported server and client versions of Windows, including Windows 10, Windows 11, and Windows Server 2025.
Microsoft notes that the exploit does not work in Windows 11, version 24H2.
It is a use-after-free security issue that may be exploited for local elevation attacks.
The attack does not require user interaction.
The attacker may gain system privileges upon successful exploitation.

Microsoft notes that it is aware of limited attacks. It mentions targets in the IT and real estate sectors in the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia specifically in a special announcement on its security website.

https://www.ghacks.net/2025/04/09/windows-under-attack-0-day-vulnerability-used-by-ransomware-group/


29 posted on 04/12/2025 3:20:56 PM PDT by Openurmind
[ Post Reply | Private Reply | To 27 | View Replies]

To: Openurmind

If you’ve ever created web pages, the C:\Inetpub folder is where the website project gets published (it defaults to this locally unless you manually change it).

It possible that in the future, Microsoft will push some internet content to this folder. They should at the very least, explain the reason for creating this folder when Internet Information Server is not installed.


30 posted on 04/12/2025 3:32:02 PM PDT by Flavious_Maximus (Tony Fauci will be put on death row and die of COVID!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Flavious_Maximus

“If you’ve ever created web pages, the C:\Inetpub folder is where the website project gets published (it defaults to this locally unless you manually change it).”

On windows servers...Linux uses /var/www.

But with that said here is what MS says...

Key Points:​

The folder is automatically generated during the installation of KB5055523.

It typically appears on the installation drive (usually the C drive).

Even though IIS is normally responsible for this folder, most affected users won’t have IIS turned on.

The folder is empty and occupies zero bytes, indicating that no actual web content is being hosted.

This anomaly, while unusual, has been confirmed by multiple tests and log reports, giving reassurance that it is part of the update’s quirk rather than malicious activity.

https://windowsforum.com/threads/understanding-the-inetpub-folder-from-windows-11-update-kb5055523.360253/

“rather than malicious activity.”

If they say there is no malicious activity then there is more than likely malicious activity planned.


31 posted on 04/12/2025 3:45:15 PM PDT by Openurmind
[ Post Reply | Private Reply | To 30 | View Replies]

To: Openurmind

What would happen if I encrypted it?


32 posted on 04/12/2025 4:36:22 PM PDT by 1FreeAmerican
[ Post Reply | Private Reply | To 20 | View Replies]

To: 1FreeAmerican

That is not a bad idea... They will “see” it there but not be able to load anything in it. But they will probably just delete it and reinstall it clean again later.


33 posted on 04/12/2025 4:41:22 PM PDT by Openurmind
[ Post Reply | Private Reply | To 32 | View Replies]

To: Openurmind

I upgraded to Linux. M$ Winbloat is a dog.


34 posted on 04/12/2025 4:44:20 PM PDT by Pol-92064
[ Post Reply | Private Reply | To 1 | View Replies]

To: Pol-92064

“I upgraded to Linux.”

Oh good, you are not owned by Microsoft anymore. :)


35 posted on 04/12/2025 4:50:37 PM PDT by Openurmind
[ Post Reply | Private Reply | To 34 | View Replies]

To: Openurmind

I cannot find it on my W10 machines...


36 posted on 04/12/2025 5:02:57 PM PDT by SuperLuminal (Where is rabble-rising Sam Adams now that we need him? Is his name Trump, now?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Openurmind
"You may delete my folders now, my users;
but somewhere down the line I'll get you..."

T800EyesFlash

"And your saved data too."

37 posted on 04/12/2025 5:11:09 PM PDT by MikelTackNailer (Free compassion and beer tomorrow.)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Openurmind

bttt


38 posted on 04/12/2025 6:46:39 PM PDT by ChildOfThe60s (If you can remember the 60s, you weren't really there)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MikelTackNailer
Listen! And understand!

Win11 can't be bargained with. Win11 can't be reasoned with. Win11 doesn't feel pity, or mercy, or fear! And it absolutely will not stop, ever, until your system is crashed!


39 posted on 04/12/2025 6:52:13 PM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 37 | View Replies]

To: Openurmind; usconservative; Mr. K
Update: Microsoft says here that the folder is created intentionally and that it should not be deleted. Reason: "This behavior is part of changes that increase protection and does not require any action from IT admins and end users".

INCREASES PROTECTION???? I call BULLSHIT.

Inetpub is the directory that IIS often uses as a home for hosting internet websites.

It's clear MS intends every one of us to be something they can ping (or access?)

40 posted on 04/12/2025 6:54:16 PM PDT by Lazamataz (I'm so on fire that I feel the need to stop, drop, and roll!)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-68 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson