'Windows 11 ‘inetpub’ Folder Security Risk: How It Could Leave PCs Vulnerable'

Here’s a summary of the key points from the Petri.com article “Windows 11 ‘inetpub’ Folder May Expose PCs to Security Risks”:
  • In April 2025, a new “inetpub” folder began appearing on Windows PCs after a Patch Tuesday update.
  • Microsoft created this folder to fix the CVE-2025-21204 security flaw, which could allow attackers to access and modify certain files and folders.
  • The “inetpub” folder is typically used by Internet Information Services (IIS) for server logs, website files, scripts, etc., but Microsoft said it should not be deleted, even if IIS is not active.
  • Security researcher Kevin Beaumont discovered that the new folder introduces a vulnerability on Windows 11 and 10: Non-admin users can “block all future security updates” by creating a junction point (a type of symbolic link) in the C: directory and executing a command in Command Prompt.
  • This prevents Windows from creating the inetpub folder, which in turn blocks future security updates. As a result, affected PCs may remain vulnerable to already-fixed issues.
  • The exploit does not require admin privileges, making it a relatively easy attack vector.
  • Microsoft has been informed of the issue but had not responded at the time of publication.
Conclusion:
The “inetpub” folder was meant to increase security but, due to a flaw in how it is handled, it may expose Windows systems to a new attack that can entirely block future security updates on a device—potentially leaving it open to threats long-term.
Source:
Petri.com – Windows 11 ‘inetpub’ Folder May Expose PCs to Security Risks

Source: petri.com https://petri.com/windows-11-inetpu...fQBegQIAhAC&usg=AOvVaw1I3Lj3co8992HNi43TbJ7E/
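
A read-only check for the condition described in the summary above, added here as an example and not part of the original post or the Petri article: it reports whether the `inetpub` path is a real directory or a junction/symbolic link, and where a link points. The function name `Test-InetpubFolder` and the verdict strings are hypothetical, and the path is assumed to be `inetpub` at the root of the system drive.

```powershell
# Added example (not from the post): read-only audit of the inetpub folder.
function Test-InetpubFolder {
    [CmdletBinding()]
    param(
        # Assumption: the folder sits at the root of the system drive (normally C:\inetpub).
        [string]$Path = (Join-Path $env:SystemDrive 'inetpub')
    )

    $result = [ordered]@{
        Path           = $Path
        Exists         = $false
        IsReparsePoint = $false
        LinkType       = $null
        Target         = $null
        Owner          = $null
        Verdict        = 'Missing'
    }

    # -Force also returns hidden/system items. Get-Item describes the link itself, not its target.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $result.Exists = $true
        $result.IsReparsePoint = [bool]($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint)

        if ($result.IsReparsePoint) {
            # A junction or symlink here is the state the summary describes.
            $result.LinkType = $item.LinkType
            $result.Target   = ($item.Target -join '; ')
            $result.Verdict  = 'Suspicious: reparse point where a plain directory is expected'
        }
        else {
            # Owner is reported for review only; no "expected" owner is assumed here.
            try   { $result.Owner = (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner }
            catch { $result.Owner = "unreadable: $($_.Exception.Message)" }
            $result.Verdict = 'Real directory; review Owner'
        }
    }

    [pscustomobject]$result
}

Test-InetpubFolder | Format-List
```

Because the function returns an object, it can be run across a fleet and filtered on `IsReparsePoint` to find machines where the folder has been replaced by a link.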
 
