but somewhere down the line I'll get you..."
"And your saved data too."
Posted on 04/12/2025 2:05:24 PM PDT by Openurmind
Microsoft released security updates for Windows 11 and other company products earlier this week. If you have installed the security update on a Windows 11 PC, you may have noticed something peculiar after the mandatory restart.
After opening the root of drive C in File Explorer, you may have stumbled upon the inetpub folder, a newly created folder. The creation date and time of the folder aligns with the installation of the update. When you open it, you will notice that it is empty.
Update: Microsoft says here that the folder is created intentionally and that it should not be deleted. Reason: "This behavior is part of changes that increase protection and does not require any action from IT admins and end users".
Microsoft made no mention of the folder in the changelog, and it may not be clear immediately why the folder was created.
Snip-
In any event, the inetpub folder is not protected. You can remove it by right-clicking on it and selecting delete, or by selecting the folder and tapping on the delete key on the keyboard. Note that Microsoft advises against this.
Considering that the cause of the creation of the folder is unclear at this point, it is possible that it may reappear at a later point in time, for instance after installation of the next security update for Windows 11.
Microsoft’s “explanation” is no explanation at all. Question: How does the presence of an empty directory “increase protection”? Answer: It doesn’t.
Bottom line is, not even Microsoft can tell us why C:\inetpub was added to computers. All they’ve done is to admit they put it there.
(Excerpt) Read more at ghacks.net ...
“in my case, it didn’t return after deleting & rebooting.”
It probably won’t until the next official update release.
Wait: Check the date.
That was about IIS dated 2014.
Give the security hacks some time to chew on this; we’ll know soon enough if it’s a problem and/or what to do about it. Right now, there’s nothing but BS blather about it. Link was posted for relevancy to the other comment.
Ironically, I first noticed the folder Friday.
MSFT bump
For later…
In my Win10 Home, says it was created 11/08/20, has 2 sub-folders History and Temp, try opening the History folder, get an error, requires Admin privilege I guess.
Once upon a time I had a forum running 5 to 10K posts a day and was quite familiar with the inetpub folder!! Held my local host Access DB for editing code. memories... 1999
https://web.archive.org/web/19991113030453/http://www.sit-rep.com/
Unless you see out bound data icon blinking or something is added to that folder, I dont think its anything to worry about...
Ha!! Just seen my first FLASH 1.0 Gif is still working lol...
https://web.archive.org/web/20000305050046/http://www.sit-rep.com/index.html
Were there any versions of Windows that wasn’t hacked?
Thank you. I was getting ready to ping you and you beat me to it. :)
“Were there any versions of Windows that wasn’t hacked?”
Speaking of that, new from just a few days ago, surprised I haven’t seen this here already:
“Windows under attack: 0-day vulnerability used by ransomware group”
Microsoft released security updates for Windows yesterday and revealed today that the updates include a patch for a 0-day issue that is exploited in the wild.
The vulnerability — Windows Common Log File System Driver Elevation of Privilege Vulnerability — is tracked as CVE-2025-29824.
Important information:
The issue affects most supported server and client versions of Windows, including Windows 10, Windows 11, and Windows Server 2025.
Microsoft notes that the exploit does not work in Windows 11, version 24H2.
It is a use-after-free security issue that may be exploited for local elevation attacks.
The attack does not require user interaction.
The attacker may gain system privileges upon successful exploitation.
Microsoft notes that it is aware of limited attacks. It mentions targets in the IT and real estate sectors in the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia specifically in a special announcement on its security website.
https://www.ghacks.net/2025/04/09/windows-under-attack-0-day-vulnerability-used-by-ransomware-group/
If you’ve ever created web pages, the C:\Inetpub folder is where the website project gets published (it defaults to this locally unless you manually change it).
It possible that in the future, Microsoft will push some internet content to this folder. They should at the very least, explain the reason for creating this folder when Internet Information Server is not installed.
“If you’ve ever created web pages, the C:\Inetpub folder is where the website project gets published (it defaults to this locally unless you manually change it).”
On windows servers...Linux uses /var/www.
But with that said here is what MS says...
Key Points:
The folder is automatically generated during the installation of KB5055523.
It typically appears on the installation drive (usually the C drive).
Even though IIS is normally responsible for this folder, most affected users won’t have IIS turned on.
The folder is empty and occupies zero bytes, indicating that no actual web content is being hosted.
This anomaly, while unusual, has been confirmed by multiple tests and log reports, giving reassurance that it is part of the update’s quirk rather than malicious activity.
“rather than malicious activity.”
If they say there is no malicious activity then there is more than likely malicious activity planned.
What would happen if I encrypted it?
That is not a bad idea... They will “see” it there but not be able to load anything in it. But they will probably just delete it and reinstall it clean again later.
I upgraded to Linux. M$ Winbloat is a dog.
“I upgraded to Linux.”
Oh good, you are not owned by Microsoft anymore. :)
I cannot find it on my W10 machines...
"And your saved data too."
bttt
Win11 can't be bargained with. Win11 can't be reasoned with. Win11 doesn't feel pity, or mercy, or fear! And it absolutely will not stop, ever, until your system is crashed!
INCREASES PROTECTION???? I call BULLSHIT.
Inetpub is the directory that IIS often uses as a home for hosting internet websites.
It's clear MS intends every one of us to be something they can ping (or access?)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.