{"id":37692,"date":"2025-04-11T06:41:49","date_gmt":"2025-04-11T04:41:49","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=37692"},"modified":"2025-04-24T23:00:14","modified_gmt":"2025-04-24T21:00:14","slug":"windows-10-11-april-2025-updates-create-inetpub-folder","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2025\/04\/11\/windows-10-11-april-2025-updates-create-inetpub-folder\/","title":{"rendered":"Windows 10\/11: April 2025 updates create \"inetpub\" folder"},"content":{"rendered":"<p><img decoding=\"async\" style=\"margin: 0px 10px 0px 0px; display: inline; float: left;\" title=\"Windows\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Windows-klein.jpg\" alt=\"Windows\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2025\/04\/11\/windows-10-11-legen-nach-april-2025-patchday-leeren-ordner-inetpub-an\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Small addendum from the April 2025 patchday (April 8, 2025) &#8211; due to all the bugs, I haven't gotten around to reporting another (cosmetic) error yet. In Windows 10 (2019 and 22H2) and Windows 11 (23H2 and 24H2), an empty \"inetpub\" folder is suddenly created when April 2025 security updates are installed. That's for security measures.<\/p>\n<p><!--more--><\/p>\n<h2>Windows 11 24H2 has suddenly an \"inetpub\" folder<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg06.met.vgwort.de\/na\/86ea412d85414d648dff639a641ce95b\" alt=\"\" width=\"1\" height=\"1\" \/>After the April 2025 Patchday (April 8, 2025), there was an increase in complaints from Windows users who suddenly had an \"inetpub\" folder created on their Windows drive by the installed update. Will Dorman, for example, raised it in <a href=\"https:\/\/infosec.exchange\/@wdormann\/114308857330723919\" target=\"_blank\" rel=\"noopener\">this twee<\/a>t.<\/p>\n<p>I came across this issue on various websites. Windows Latest, for example, describes it in the following tweet and in the article <a href=\"https:\/\/www.windowslatest.com\/2025\/04\/09\/windows-11-kb5055523-issue-creates-inetpub-folder-out-of-nowhere\/\" target=\"_blank\" rel=\"noopener\">Windows 11 KB5055523 issue creates \"inetpub\" folder out of nowhere<\/a>.<\/p>\n<p><a href=\"https:\/\/www.windowslatest.com\/2025\/04\/09\/windows-11-kb5055523-issue-creates-inetpub-folder-out-of-nowhere\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i.postimg.cc\/qMHRJ5Hm\/image.png\" alt=\"Windows folder inetpub\" width=\"599\" height=\"609\" \/><\/a><\/p>\n<p>The message in the article is that the update <a href=\"https:\/\/support.microsoft.com\/de-de\/topic\/8-april-2025-kb5055523-bs-build-26100-3775-277a9d11-6ebf-410c-99f7-8c61957461eb\" target=\"_blank\" rel=\"noopener\">KB5055523<\/a> from April 8, 2025 under Windows 11 24H2 creates a folder \"inetpub\" on the system drive \"out of the blue\". The folder remains empty and is unprotected, so it could also be deleted by the user (but should not be).<\/p>\n<h2>Folder \"inetpub\" is known<\/h2>\n<p>The \"inetpub\" folder is not unknown, as this directory is created when an administrator activates the <em>Internet Information Services<\/em> in the <em>Windows Features<\/em> dialog box.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"\" src=\"https:\/\/i.postimg.cc\/900LBqP0\/image.png\" alt=\"Internet Information Services (IIS)\" width=\"422\" height=\"373\" \/><\/p>\n<p>Internet Information Services (IIS) is a feature, that provides a web server platform developed by Microsoft to host websites, web applications and services on Windows systems. This feature is not installed by default, but can be activated via the <em>Windows Features<\/em> dialog box.<\/p>\n<p>I just have checked on my system I'm using currently. This features has not been activated and installed via the relevant checkbox. Nevertheless, I can find the folder on my Windows 10 2019 IoT Enterprise LTSC.<\/p>\n<h2>All Windows versions affected<\/h2>\n<p>While Windows Latest still reports Windows 11 24H2 as affected, another user with Windows 11 23H2 has also <a href=\"https:\/\/x.com\/Snipermx\/status\/1910124237408399625\" target=\"_blank\" rel=\"noopener\">reported<\/a> finding the folder.<\/p>\n<p><a href=\"https:\/\/x.com\/Snipermx\/status\/1910124237408399625\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i.postimg.cc\/mDQkxvgW\/image.png\" alt=\"Ordner inetpub in Windows 11 23H2\" width=\"606\" height=\"483\" \/><\/a><\/p>\n<p>I myself find this folder under Windows 10 2019, which has also received an April 2025 update. The colleagues from Bleeping Computer write in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/windows-11-april-update-unexpectedly-creates-new-inetpub-folder\/\" target=\"_blank\" rel=\"noopener\">this article<\/a> that Microsoft has confirmed that the <em>inetpub<\/em> folder is also created under Windows 10.<\/p>\n<p>The reason why the folder was suddenly created is unknown. However, Bleeping Computer asked Microsoft and received an answer. According to Microsoft, the folder was created on purpose and should not be deleted. However, no explanation was provided.<\/p>\n<h2>Explanation: It's for security measures<\/h2>\n<p>After I've published the German\u00a0Patrick points in a comment to the Microsoft description of <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-21204\" target=\"_blank\" rel=\"noopener\">CVE-2025-21204<\/a>. Within the FAQ it reads:<\/p>\n<blockquote><p><strong>Does installing the Windows security updates that address this CVE cause visible change on devices?<\/strong><\/p>\n<p>After installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\\inetpub folder will be created on your device.\u00a0<strong>This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device.<\/strong>\u00a0This behavior is part of changes that increase protection and does not require any action from IT admins and end users.<\/p><\/blockquote>\n<p><strong>Addendum:<\/strong> Note my follow up article <a href=\"https:\/\/borncity.com\/win\/2025\/04\/23\/april-2025-patch-for-windows-symlink-vulnerability-cve-2025-21204-tears-new-security-issue\/\">April 2025 patch for Windows Symlink vulnerability CVE-2025-21204 tears new security issue<\/a>. Without the inetpub folder created by the patch, attackers could block Windows updates via a junction.<\/p>\n<p><strong>Similar articles:<\/strong><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2025\/04\/09\/microsoft-security-update-summary-april-8-2025\/\">Microsoft Security Update Summary (April 8, 2025)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2025\/04\/09\/patchday-windows-10-11-updates-april-8-2025\/\">Patchday: Windows 10\/11 Updates (April 8, 2025)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2025\/04\/09\/patchday-windows-server-updates-8-april-2025\/\">Patchday: Windows Server-Updates (April 8, 2025)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2025\/04\/10\/patchday-microsoft-office-updates-april-8-2025\/\">Patchday: Microsoft Office Updates (April 8, 2025)<\/a><\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2025\/04\/09\/word-excel-2016-crashing-after-april-2025-update-kb5002700\/\">Word\/Excel 2016 crashing after April 2025 update KB5002700<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2025\/04\/09\/outlook-2016-calendar-access-blocked-after-april-2025-update-kb5002700\/\" rel=\"bookmark\">Outlook 2016: Calendar access blocked after April 2025 update KB5002700<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Small addendum from the April 2025 patchday (April 8, 2025) &#8211; due to all the bugs, I haven't gotten around to reporting another (cosmetic) error yet. In Windows 10 (2019 and 22H2) and Windows 11 (23H2 and 24H2), an empty &hellip; <a href=\"https:\/\/borncity.com\/win\/2025\/04\/11\/windows-10-11-april-2025-updates-create-inetpub-folder\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,22,2],"tags":[47,76,2643],"class_list":["post-37692","post","type-post","status-publish","format-standard","hentry","category-issue","category-update","category-windows","tag-issue","tag-windows-10","tag-windows-11"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37692","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=37692"}],"version-history":[{"count":9,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37692\/revisions"}],"predecessor-version":[{"id":37832,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37692\/revisions\/37832"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=37692"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=37692"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=37692"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}