Hidden Folder in Windows 11 Transforms from Repair to Vulnerability Swiftly

Hidden Folder in Windows 11 Transforms from Repair to Vulnerability Swiftly

In the dead of the night, like a sneaky burglar, the "inetpub" folder made its sneaky entrance into the system drives of Windows 11 users around the globe, catching them off guard with no prior warning or explanation. Initially, many believed the eerie, empty directory traced back to April's Windows 11 update - KB5055523 - to be an insignificant leftover that could safely be removed. Boy, were they wrong!

Microsoft quickly clapped back at suggestions of deleting the "inetpub" folder, warning users against such action decisively. The seemingly inactive "inetpub" folder, it turns out, was purposefully planted by Microsoft to combat a Windows Update security vulnerability known as CVE-2025-21204.

With the cat kept out of the bag, Windows users felt safe and secure. But fear not, their peace was short-lived, as it turned out they were blindsided once again.

Windows 11's "inetpub" folder: From enigma to hazard?

In a recent cybersecurity jamboree, Kevin Beaumont, an ardent porg admirer and expert, exposed a new twist in Microsoft's tale. Beaumont revealed that while Microsoft's patch aimed to block an exploit, it may have inadvertently nurtured another - potentially leaving countless machines vulnerable to new attacks.

The original patch was purposed to block an exploit where limited-access users could manipulate the system by using symbolic links to seize control of a machine by piggybacking on the elevated permissions of Windows Update. Symbolic links serve up a digital version of those friggin' shortcuts on your desktop, redirecting processes from one location to another. Windows 11's April security patch nicked some safeguards previously used by Microsoft's Internet Information Services (which, not coincidentally, uses "inetpub" as its default directory) to thwart this manipulation (known as "link following").

Keep up with the latest tech happenings! Subscribe to our free newsletter, The Snapshot

Subscribe to The Snapshot now, and get exclusive insights on the future of computing straight to your inbox!

But the plot thickens! Beaumont unearthed that this patch itself can be manipulated by symbolic links, as a simple junction script executed through the Command Prompt could supposedly conjure up a new denial-of-service vulnerability that thwarts Windows updates, leaving machines exposed and vulnerable to impending doom.

The prior exploit Microsoft sought to squash was primarily a local issue. However, Beaumont's research suggests that this form of meddling with the inetpub folder could render users susceptible to attacks from external sources if exploited.

What does the future hold?

Beaumont reportedly alerted Microsoft to the issue two weeks prior to disclosing his findings, but has yet to receive a response from the company. Based on past Microsoft behavior, this type of ominous silence is business as usual for the tech titan.

After stories emerged about its AI chatbot, Copilot, casually dishing out PowerShell scripts to illegally validate bootleg copies of Windows 11, Microsoft responded in resplendent fashion – silently patching the issue without so much as a detailed explanation or a warning.

For now, there's no official guidance for users to minimize risk, apart from being vigilant and ensuring their system stays updated at all times, avoiding dabbling in shady software, and avoiding haphazardly deleting the inetpub folder, as it might cause problems with future updates.

The ball is now in Microsoft's court, and only time will tell how the company plans to fortify the inetpub folder to avoid such future tampering. Stay tuned for more updates from our website:

• Microsoft Takes a Leap: Huge Changes Coming to Windows - Plus, a Hint that You Probably Won't Notice
• Recall on the Horizon: Will Windows' New AI Features Lure You Back?
• Oops! Deleting the "inetpub" folder was a massive blunder. Here's how to set things right.

[1] Beaumont, K. (2022). Microsoft’s inetpub exploit summary and mitigation actions. https://www.kbeamont.co.uk/blog/inetpub/

[2] Miller, C., & Miller, H. (2022). The New Concern About Windows 11: The Mysterious "inetpub" Folder Leaves Your Computer Vulnerable to Attack. MakeUseOf. https://www.makeuseof.com/microsoft-windows-11-inetpub-folder-vulnerability/

1. The 'inetpub' folder, initially a mystery in Windows 11, has been revealed to potentially pose a new hazard, according to cybersecurity expert Kevin Beaumont.
2. Beaumont's research indicates that the April security patch designed to combat an exploit in Windows 11 might unwittingly foster another vulnerability, as it could be manipulated by symbolic links.
3. This manipulation could lead to a new denial-of-service vulnerability that could halt Windows updates, rendering machines exposed to potential attacks from external sources.
4. Microsoft has yet to respond to Beaumont's alert regarding this issue, continuing the company's pattern of silent patching without detailed explanations or warnings.
5. To minimize risk, users are advised to stay vigilant, ensure their systems are updated, avoid shady software, and avoid haphazardly deleting the inetpub folder, as it might cause problems with future updates.

Read also: