There’s a secret folder in Windows 11 — and it’s quickly going from fix to flaw Leave a comment
It got here like a thief within the evening, arising within the system drives of Windows 11 customers worldwide with out warning or clarification. However now, Microsoft’s mysterious “inetpub” folder dangers veering from repair to flaw as its vulnerabilities are uncovered.
The folder’s sudden look precipitated a stir on-line as customers seen it for the primary time. Fortunately, the curiously empty listing was traced to April’s Windows 11 24H2 (KB5055523) update — and was believed by many to be little greater than a innocent artifact left behind that might be safely eliminated.
Nevertheless, it was something however. Microsoft rapidly adopted up on recommendations that the folder might be deleted with a clear warning not to. Proving that appearances may be deceiving, the seemingly inert “inetpub” folder was really deliberately positioned by Microsoft to sort out a Home windows Replace safety vulnerability (CVE-2025-21204).
With the key of Home windows 11’s thriller “inetpub” folder revealed, Home windows customers believed there was nothing left to fret about. Seems, they have been unsuitable.
Home windows 11’s “inetpub” folder: From thriller to menace?
In a recent blog post, cybersecurity skilled (and self-confessed porg lover) Kevin Beaumont uncovered how Microsoft’s efforts to patch one Home windows 11 exploit could have created one other — doubtlessly leaving thousands and thousands of machines open to new assaults.
Microsoft’s unique patch was designed to dam an exploit the place limited-access customers might use “symbolic hyperlinks” to realize superior management of a machine by piggybacking on Home windows Replace’s elevated permissions.
Symbolic hyperlinks redirect processes from one location to a different, much like how desktop shortcuts redirect to information in different directories. Home windows 11’s April safety patch borrowed sure safeguards from Microsoft’s Web Data Providers (which makes use of inetpub as its default listing) to dam this behaviour (often called “hyperlink following”).
Paradoxically, the patch designed to forestall hyperlink following exploits can also be weak to it, as Beaumont reveals {that a} easy junction script run by the Command Immediate, pointing C:inetpub to notepad.exe, can reportedly introduce a brand new denial of service vulnerability that stops Home windows updates, leaving techniques broad open to future threats.
The preliminary exploit Microsoft hoped to unravel was primarily a neighborhood situation. Nevertheless, Beaumont’s analysis means that one of these meddling with the inetpub folder might go away customers weak to attackers from exterior sources if exploited.
What’s subsequent
Beaumont reportedly knowledgeable Microsoft of the problem two weeks previous to publishing his findings, and has but to listen to again from the corporate.
Nevertheless, this sort of silent response is not irregular for Microsoft. Following stories of its AI chatbot Copilot handing out PowerShell scripts to illegally authenticate copies of Windows 11, Microsoft equally performed its playing cards near its chest, quietly patching out the problem at a later date.
Within the meantime, there is no official steerage for mitigating any danger aside from to stay vigilant. Guarantee your laptop is updated always, keep away from downloading sketchy software program, and do not presume that deleting the inetpub folder will resolve these points, as it might trigger issues with future updates.
For now, the brand new thriller surrounding Home windows 11’s “inetpub” folder is how Microsoft plans to safe it from related meddling sooner or later.