If you’ve ever tried deleting mysterious empty folders in Windows and felt a little burst of mischievous satisfaction, let this be your harrowing cautionary tale: sometimes, the most harmless-looking directories are the ones standing between you and a fully functioning operating system.
Cast your mind back to the relatively unremarkable April update for Windows 11 (version 24H2). In the grand tradition of Windows patches, it stealthily dropped a new folder onto your system drive called
Now, if you’re reading this as an IT pro, you probably know that whenever Microsoft says not to delete something, at least a few brave souls will test those boundaries. Who among us hasn’t been burned by something that seemed superfluous at first glance, only to discover its true necessity during a 2AM patch cycle? Classic Windows.
Here’s where things swing from “just quirky” to “legitimately disruptive”: third-party security researchers, true to their nature, poked and prodded the patch from all directions. Security researcher Kevin Beaumont—an industry regular with a knack for finding traps disguised as features—demonstrated that
You don’t need administrator rights. You don’t need dark magic. All you need is a few keystrokes in Command Prompt and a healthy disregard for warnings:
What this does is create a “junction”—a special type of Windows shortcut—that connects the innocent-looking
In summary: to resolve a bug where bad actors could hijack a Windows shortcut, Microsoft’s patch introduced a new hole that lets anyone (no admin required!) brick the OS’s update pipeline with a single line.
Let’s be real for a second: the ability for a single, empty folder to function as a denial-of-service vector is the sort of thing that makes security consultants cackle and sysadmins lose sleep. With no need for privilege escalation or even complex scripting, network environments could be thrown into patch limbo by a junior user or a passing prankster.
Irrespective of how unlikely most users are to unleash
The real-world kicker? Most users have no earthly reason to interact with Internet Information Services unless their home is doubling as a web hosting business for sock puppet blogs or IoT curiosities. So, in its effort to stamp out one exploit—an obscure, privilege-dependent loophole—Microsoft has arm-twisted every user into keeping a folder around that feels like a vestige of 1990s IIS test labs.
One has to wonder, if Microsoft’s answer to “what should I do if the folder is gone?” is “turn on this entire web server feature,” perhaps the original design of the patch deserves another look.
Funny thought: If a desktop team gets bored, will they start benchmarking how many different executables can be disguised as
This latest chapter, however, is truly poetic: an update aimed at patching a shortcut exploit leaves the fate of the entire update pipeline dangling by a folder that’s both essential and, paradoxically, powerless. Nothing quite says “Windows” like a zero-byte directory commanding absolute authority over your system’s ability to defend itself.
Even worse, consider the forensic headache: unless you’re on the lookout for bizarre folder junctions, you might waste hours troubleshooting “update errors” that have zero obvious cause. Microsoft’s silence on the matter (at least for now) is making sysadmin forums everywhere very, very chatty.
For IT professionals, the lesson is old but gold: never underestimate the ability of minor system artifacts to gain outsized importance during patch cycles. Set up monitoring scripts to check for phantom junctions on
In the meantime, expect IT departments to add “inetpub integrity check” to their growing list of scripts, alongside “Did the Copilot chatbot evaporate this week?” and “Why is my printer suddenly speaking Klingon?”
If Microsoft’s track record is anything to go by, the fix for this problem will “address user feedback about update robustness.” Translation: yet another mysterious system file or folder will quietly appear, with even murkier reasons not to delete it.
Some pundits will argue this is all a tempest in a teacup: “Who uses
The next time you find yourself staring at an empty folder and thinking, “What’s the worst that could happen?”—remember the saga of
So let’s wrap up with one final tip for Windows professionals everywhere: trust, but verify. If Microsoft says not to delete something, consider it both a warning and a potential plot twist for the next update cycle. And remember—sometimes, the emptiest folders are the ones guarding the most vital secrets.
Or, at the very least, a sure-fire way to confuse Notepad.
Source: ITC.ua An empty folder in Windows that «cannot be deleted» can permanently block OS updates
Windows 11’s “Can’t Delete This” Folder Fiasco
Cast your mind back to the relatively unremarkable April update for Windows 11 (version 24H2). In the grand tradition of Windows patches, it stealthily dropped a new folder onto your system drive called inetpub. At first glance, inetpub looks innocent, empty, and—dare we say—entirely unnecessary for most users. Naturally, countless Windows power users, tidiers, and accidental double-clickers wondered: “Do I really need this?” The answer, shouted from the highest digital rooftops by Microsoft, was a resolute: “DON’T DELETE IT.”Now, if you’re reading this as an IT pro, you probably know that whenever Microsoft says not to delete something, at least a few brave souls will test those boundaries. Who among us hasn’t been burned by something that seemed superfluous at first glance, only to discover its true necessity during a 2AM patch cycle? Classic Windows.
The Plot Twist: From Boring Patch to System Stalemate
Why all the fuss over one empty directory? According to Microsoft,inetpub showed up as part of their fix for CVE-2025-21204—a gnarly little vulnerability where a resourceful attacker could create a symbolic link (think: a kind of shortcut) that tricks Windows into following breadcrumbs right to a vulnerable file. So, Microsoft’s patch decided the best collateral damage was to drop a static folder, inetpub, onto every system.Here’s where things swing from “just quirky” to “legitimately disruptive”: third-party security researchers, true to their nature, poked and prodded the patch from all directions. Security researcher Kevin Beaumont—an industry regular with a knack for finding traps disguised as features—demonstrated that
inetpub could be abused to block Windows updates cold.You don’t need administrator rights. You don’t need dark magic. All you need is a few keystrokes in Command Prompt and a healthy disregard for warnings:
mklink /j c:\inetpub c:\windows\system32\notepad.exeWhat this does is create a “junction”—a special type of Windows shortcut—that connects the innocent-looking
inetpub folder to Notepad’s executable file. The next time Windows tries to update, it gets confused and, not liking confusion very much, it simply gives up. The system treats this as an update error and, hilariously, rolls back every patch, time after time.In summary: to resolve a bug where bad actors could hijack a Windows shortcut, Microsoft’s patch introduced a new hole that lets anyone (no admin required!) brick the OS’s update pipeline with a single line.
Subtlety Lost: The Hidden Risks
Machines running Windows 11 24H2 can now be held hostage by the mere presence—or, more devilishly, the creative repurposing—of an empty folder. IT departments everywhere: start prepping for support tickets that read “Updates not applying—and it’s Notepad’s fault, apparently?”Let’s be real for a second: the ability for a single, empty folder to function as a denial-of-service vector is the sort of thing that makes security consultants cackle and sysadmins lose sleep. With no need for privilege escalation or even complex scripting, network environments could be thrown into patch limbo by a junior user or a passing prankster.
Irrespective of how unlikely most users are to unleash
mklink havoc, the risk highlights the ongoing tension between security fixes and their side effects. How often do we patch the system to close one vulnerability, only to unwittingly open another door? With Windows 11’s swift evolution, it’s déjà vu all over again.Microsoft’s Official Guidance: Goldilocks and the Three Folders
Faced with this growing hullabaloo, Microsoft’s advice has been refreshingly predictable: “Do not delete theinetpub folder.” Of course, if you’ve already pruned it out of existence in a fit of desktop feng shui, Microsoft begrudgingly grants you a manual path to redemption: re-enable it by turning on the “Internet Information Services” feature in Windows Settings. Do that, and inetpub will spring back into place, pacifying the update gods.The real-world kicker? Most users have no earthly reason to interact with Internet Information Services unless their home is doubling as a web hosting business for sock puppet blogs or IoT curiosities. So, in its effort to stamp out one exploit—an obscure, privilege-dependent loophole—Microsoft has arm-twisted every user into keeping a folder around that feels like a vestige of 1990s IIS test labs.
One has to wonder, if Microsoft’s answer to “what should I do if the folder is gone?” is “turn on this entire web server feature,” perhaps the original design of the patch deserves another look.
Touching the Untouchable: Symbolic Links and Other Shenanigans
The crux of this entire escapade revolves around how Windows handles folder junctions and symbolic links. Generally, involving symbolic links in system directories is the opening scene in many horror stories told at sysadmin conventions. When a basic user can reroute a core directory to point at Notepad (or, let’s be honest, anything else—your imagination is the only limit), you’ve got to question both the patch design and Windows’ internal folder sanctity.Funny thought: If a desktop team gets bored, will they start benchmarking how many different executables can be disguised as
inetpub before Windows update breaks in entirely new ways? Will we soon see memes of “inetpub: now with 47 alternate personalities”?Taking a Stroll Down Update Memory Lane
For veteran IT folks, tales of updates that cause more harm than good are basically a recurring season of the world’s longest-running sitcom. We’ve seen updates that kill Bluetooth, updates that make webcams vanish, and more recently, patches that unceremoniously remove the beloved Copilot chatbot or transform printer language settings overnight.This latest chapter, however, is truly poetic: an update aimed at patching a shortcut exploit leaves the fate of the entire update pipeline dangling by a folder that’s both essential and, paradoxically, powerless. Nothing quite says “Windows” like a zero-byte directory commanding absolute authority over your system’s ability to defend itself.
The Unintended Weaponization of Admin-Free Missteps
Here’s where IT security folks start sweating a little. The attack described isn’t the kind you’d put on a movie poster, but it’s effective, easily automated, and—perhaps most alarmingly—within reach of any user with basic command line proficiency. Imagine a disgruntled intern or a slightly-too-clever teenager in a corporate environment runs themklink gambit. Suddenly, entire swathes of endpoints can no longer receive critical patches.Even worse, consider the forensic headache: unless you’re on the lookout for bizarre folder junctions, you might waste hours troubleshooting “update errors” that have zero obvious cause. Microsoft’s silence on the matter (at least for now) is making sysadmin forums everywhere very, very chatty.
Patch Management: Chicken, Egg, or Can of Worms?
Microsoft’s track record of update regressions is, if nothing else, consistent. What’s different this time is the symmetry: a folder dropped in place to fix one bug now acts as the very pivot for the next. It’s almost artistic, in a grim way—proof that OS development is, at least sometimes, an elaborate form of whack-a-mole.For IT professionals, the lesson is old but gold: never underestimate the ability of minor system artifacts to gain outsized importance during patch cycles. Set up monitoring scripts to check for phantom junctions on
inetpub before you even think about rollouts. And maybe spare a thought for the humble folder, now promoted—through no merit of its own—to linchpin status for your update strategy.Real-World Fallout and What’s Next
At the time of writing, Microsoft has yet to officially acknowledge the symbolic link vulnerability, though the researcher (ever the optimist) has contacted the Microsoft Security Response Center (MSRC). Will a patch land soon to paper over this digital papercut? Possibly. Will home users and enterprises alike wait on tenterhooks? Probably not—until they hit their first failed update and frantically start Googling “empty folder blocks Windows updates.”In the meantime, expect IT departments to add “inetpub integrity check” to their growing list of scripts, alongside “Did the Copilot chatbot evaporate this week?” and “Why is my printer suddenly speaking Klingon?”
If Microsoft’s track record is anything to go by, the fix for this problem will “address user feedback about update robustness.” Translation: yet another mysterious system file or folder will quietly appear, with even murkier reasons not to delete it.
Lessons for the Windows Curious (and the Battle-Scarred Pros)
At its core, theinetpub saga is a reminder of how everything old is new again in the world of OS maintenance. Folders we’ve ignored for decades can suddenly become critical infrastructure. Empty directories are anything but empty when wielded by Windows Update logic.Some pundits will argue this is all a tempest in a teacup: “Who uses
inetpub in 2024 anyway?” But for those with skin in the game—especially those tasked with keeping endpoints up-to-date and secure—this is less curiosity and more a challenge to operational resilience. How quickly can you spot the silent saboteur lurking in your file system?The Comedy of Accidental Complexity
All this, of course, is a wonderful bit of irony. Windows Update—designed to usher in an era of self-healing, security, and automation—can now be undone by a folder barely anyone uses, hooked to a text editor that’s barely changed in thirty years. Only in the world of Microsoft could the path from “patching a privilege escalation risk” to “accidentally locking your system into update limbo” be paved with such innocuous digital cobblestones.The next time you find yourself staring at an empty folder and thinking, “What’s the worst that could happen?”—remember the saga of
inetpub. Sometimes, to defend against hackers, all you need is a folder so touchy that even Notepad can bring your update pipeline to its knees.And Lastly, a Toast to the Hidden “Feature” Folders
As Microsoft busies itself developing a hotfix—and, most likely, spawning a new breed of unexplained system folders (“inetpub2,” anyone?)—the wise IT admin will keep a running list of things never to delete, ever. Shadowy folders, stray registry entries, or enigmatic features that appear only after a cumulative update: these are the unsung heroes (or villains) of our digitally transformed world.So let’s wrap up with one final tip for Windows professionals everywhere: trust, but verify. If Microsoft says not to delete something, consider it both a warning and a potential plot twist for the next update cycle. And remember—sometimes, the emptiest folders are the ones guarding the most vital secrets.
Or, at the very least, a sure-fire way to confuse Notepad.
Source: ITC.ua An empty folder in Windows that «cannot be deleted» can permanently block OS updates
