Microsoft's latest Windows security update creates an empty folder you should not delete

A

Alfonso Maruccia

Posts: 2,515   +935
Staff
In context: Every now and then, Microsoft security patches can wreak havoc on Windows PCs. Users are understandably cautious these days, and even an innocent, empty folder can raise concerns about what's going on in the system after installing one of these patches.

Recent Windows security updates released as part of April's Patch Tuesday introduced an unexpected change. After installing this month's bug fixes, users discovered a new "inetpub" folder had been created in the root of the system volume (e.g., C:\inetpub). Though empty, the folder quickly sparked concern – enough that Microsoft was compelled to update its security bulletin to (partially) explain its purpose.

Technically speaking, the inetpub folder is associated with Microsoft's Internet Information Services (IIS), an "extensible" web server that has been part of the Windows OS family since Windows NT 4.0. The IIS platform uses this folder to store logs, but only when the relevant Windows components are installed on the system.

The newly created inetpub folder is related to CVE-2025-21204, a security vulnerability that Microsoft patched this month. This vulnerability, classified as a Windows Process Activation Elevation of Privilege flaw, could be exploited by an authenticated attacker to perform file management operations with SYSTEM-level privileges, according to Microsoft's security bulletin. The issue affects both Windows 10 and Windows 11.

After users began speculating about the origin of the inetpub folder, Microsoft updated the bulletin to confirm its source.

Once the patch for CVE-2025-21204 is installed, the updated bulletin explains, a new "%systemdrive%\inetpub" folder will be created on the device. Microsoft advises against deleting this folder, even if IIS is not active on the system.

The new folder is part of the changes introduced to "enhance" Windows security, so both end users and IT admins shouldn't bother to investigate the matter any further. What Microsoft hasn't explained, however, is how exactly an empty folder helps protect the system from a privilege escalation vulnerability.

Microsoft's guidance to leave the inetpub folder alone may disappoint users who prefer to maintain strict custom folder structures on their local drives. Personally, knowing there's an empty folder in my system root that I "shouldn't" delete is the kind of thing that could eventually drive me insane. For users not affected by computing-related OCD tendencies, though, this odd addition may be easier to ignore – for now.

Permalink to story:

Microsoft's latest Windows security update creates an empty folder you should not delete

 
Ah yes, is there anything that is organized these days? People just slap everything everywhere without giving it a thought and call it a day. Windows gets messier with every update. Same with game save data, there is a Save Games folder but barely anyone uses it, saves are everywhere and nowhere.
Everyone adds their own implementation because they can't be bothered to understand the previous.
Yada Yada, old man yelling at cloud and such.

Anyway you're not a random developer debugging windows. For crying out loud use dedicated system folders so you look somewhat professional even though windows is Swiss cheese in terms of security .
 
  • Like
Reactions: Ephebus and Phylop
MSIGamer said:
Ah yes, is there anything that is organized these days? People just slap everything everywhere without giving it a thought and call it a day. Windows gets messier with every update. Same with game save data, there is a Save Games folder but barely anyone uses it, saves are everywhere and nowhere.
Everyone adds their own implementation because they can't be bothered to understand the previous.
Yada Yada, old man yelling at cloud and such.

Anyway you're not a random developer debugging windows. For crying out loud use dedicated system folders so you look somewhat professional even though windows is Swiss cheese in terms of security .
Click to expand...

Nowadays, the preferred method for program storage is to use the AppData folder. As you noted, many still use older implementations (Documents, Saved_Games, and other locations)
 
  • Like
Reactions: lonetac, Ashford and MSIGamer
Its not empty on my PC. I have multiple folders with about a dozen files.

C:\inetpub\history\CFGHISTORY_0000000001
C:\inetpub\history\CFGHISTORY_0000000002
C:\inetpub\temp\appPools
 
TommyBoyFL said:
Its not empty on my PC. I have multiple folders with about a dozen files.

C:\inetpub\history\CFGHISTORY_0000000001
C:\inetpub\history\CFGHISTORY_0000000002
C:\inetpub\temp\appPools
Click to expand...
And you're not intentionally using Microsoft's Internet Information Services (IIS)?
 
Sounds to me like some kind of mitigation for a bug. I don't know if this is the reason why, but the user that creates a folder is typically granted ownership permissions over it. By pre-creating the folder, perhaps there is some defense against a malicious actor creating the folder (and thus granting themselves permissions to whatever is subsequently put into that folder should IIS or whatever be turned on later). Or perhaps it has nothing to do with folder/file permissions, but it still smells like a quick bugfix type of solution rather than a permanent or best practice fix.
 
  • Like
Reactions: Phylop
Microsoft says don't delete that folder?!? Hold my beer...

Done! Now what?

(My computer, my rules. Bite me Microsoft! Fix your crap and stop being so incompetent!)
 
Last edited:
  • Like
Reactions: LimyG and antiproduct
Now I can look forward to Microsoft "accidentally" deleting this folder and my running web servers when they make a future change. Awesome!
 
Microsoft could be using this location as a sort of honeypot. I remember a few years ago, there was an IIS vulnerability that could allow someone to put malicious code on your server, into this folder name (vague on the details, I just remember it was a BIG deal at the time). They could be creating this folder and since it’s already created, monitoring it for changes that could be created my malicious activity like I mentioned.

Just a guess.
 
Nothing like a mystery folder showing up in your C drive to say ‘Happy Patch Tuesday!’ Microsoft really out here doing security by Schrödinger’s Directory.
 
Some component of IIS doesn’t properly check if the folder exists before trying to access it, which can be used as an attack vector.

So instead of fixing the code, we all must have the folder to fix some systems, just to be sure.
 
MasterAce said:
Some component of IIS doesn’t properly check if the folder exists before trying to access it, which can be used as an attack vector.

So instead of fixing the code, we all must have the folder to fix some systems, just to be sure.
Click to expand...
Microsoft has generally tried not to break its legacy API functions; it's why old applications tend to *just work* across Windows versions. The problem is, this does cause some additional downstream headaches. Microsoft could make fixes at the API level, but you'd have to accept that over time, applications will eventually just stop working and have to be updated for the new APIs.

And yes, applications abuse broken APIs a *lot*.
 
I'll just remove all permissions from the folder so no one can access it and encrypt it take that then you progeny of unmarried people
 
  • Like
Reactions: ZedRM
Just checked my W10 pro PC. I have that folder. It and it's sub folders are dated 1/29/23

2023!

Structure: C\Inetpub\History\CFGHISTORY_000000001\ (see below)

In the history folder are two config files that open with notepad:
administration.config
applicationHost.config

They are 19KB and 11KB in size (all text) everything dated Jan 29th 2023.

I don't fully understand everything written in them, but there is a lot. I don't use IIS.
 
I'm just going to leave it their. The created date and modified date are the same. Probably doing nothing at all.

See as I have numerous tweaks, about 100 GPO, including turning of access to, and turning off the store completely. No edge, and even the normal windows up date in Settings doesn't work at all. (Still easy to up date by 3 other methods - when I like - no drivers.)

Local account on my favourite OS with almost all the sneaky telemetry off too.

I suspect that half of my OS files are redundant. The PC is far faster than MS would permit, or want. All top of the line components when bought and made (2020 Dec - 2021 Jan) I feel I succeded in future proofing it. In terms of raw power at least.

But, I've got the itch for making a modern build though. But:
Not happy with GPU otions currently so I'll hold off until sometime in 2026, or longer.

The recent releases of highend AMD chips are fine. DDR5 too, storage no problem. But making a balanced system seems hard. I don't trust the RTX 5090, and AMD has no enthusiast class GPUs at all. I wish they would make the effort.
 
Last edited:
You must log in or register to reply here.

Similar threads

Daniel Sims
Microsoft's next Xbox could get Asus and MSI variants, leaker claims
Replies
7
Views
94
havok585
havok585
midian182
Consumer tech lobby warns FCC that blocking router updates creates botnet risk for devices already in US homes
Replies
3
Views
301
Hecate91
H
Daniel Sims
Microsoft admits Game Pass may have gotten too expensive
Replies
6
Views
112
bviktor
B

Latest posts

Back