Windows folder could be a major security risk

After the April update, a mysterious “Inetpub” folder appeared on Windows systems. Microsoft said that it was part of a security fix. Ironically, this fix probably creates a new gap that allows all future Windows updates to be blocked.
Microsoft’s security fix opens a new attack surface
The mysterious “Inetpub” folder, which suddenly appeared on Windows 10 and Windows 11 systems after the April Patchday, initially caused confusion among users. Microsoft quickly offered reassurance and explained that the folder was part of a security update for the vulnerability CVE-2025-21204. Under no circumstances should users delete it. But now it turns out that the supposed security improvement itself creates a dangerous gap.
Symlink manipulation enables update blockade
Security expert Kevin Beaumont now explains in his blog Double Pulsar exactly how this fix introduces a new vulnerability: attackers with simple user rights can prevent Windows updates from being installed.
The method is terrifyingly simple: using the Windows command mklink /j c:\inetpub c:\windows\system32\notepad.exe, a link (junction) can be created that connects the path C:\inetpub to a different element. In Beaumont’s example, a link to Windows Notepad was created. As soon as this manipulation has been made, the installation of the April security update fails.
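Administrators can check whether the folder on a machine is still an ordinary directory or has been replaced by a link. The following PowerShell check is an added example, not code from Beaumont or Microsoft; the function name Test-InetpubFolder and its status values are hypothetical, and it assumes the folder sits in the root of the system drive.

```powershell
# Added example: reports whether the Inetpub folder is a real directory,
# a junction/symlink (reparse point), a plain file, or missing.
function Test-InetpubFolder {
    [CmdletBinding()]
    param(
        # Assumption: the update creates the folder in the system drive root.
        [string]$Path = (Join-Path $env:SystemDrive 'inetpub')
    )

    $result = [ordered]@{
        Path     = $Path
        Status   = 'Unknown'
        LinkType = $null
        Target   = $null
    }

    # -Force returns hidden/system items; Get-Item returns the link itself,
    # not the item the link points to.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue

    if (-not $item) {
        $result.Status = 'Missing'
    }
    elseif ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
        # Junctions and symbolic links both carry the ReparsePoint attribute.
        $result.Status   = 'ReparsePoint'
        $result.LinkType = $item.LinkType
        $result.Target   = $item.Target -join ';'
    }
    elseif (-not $item.PSIsContainer) {
        $result.Status = 'NotADirectory'
    }
    else {
        $result.Status = 'Directory'
    }

    [pscustomobject]$result
}

$check = Test-InetpubFolder
$check | Format-List
if ($check.Status -ne 'Directory') {
    Write-Warning "$($check.Path) is '$($check.Status)'; review it before the next update cycle."
}
```

A status of ReparsePoint together with the reported Target shows where the link points, which is the condition described above that makes the update installation fail.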
Long-term security risks
It is particularly problematic that no administrator rights are required for this manipulation. A normal user can thus compromise the security of the entire system. Without security updates, vulnerabilities remain unpatched, which enlarges the attack surface for more serious exploits. The actual risk of this gap is difficult to assess. However, the consequences could be significant, since a system that has been manipulated once may no longer be able to install further updates unless Microsoft changes the implementation of the security patch.
Background to the Inetpub problem
The Inetpub folder has a long history in Windows systems. It was originally introduced with the Internet Information Services (IIS), which was first published with Windows NT 4.0 in 1996. The folder traditionally serves as the standard location for websites and web applications that are provided via the IIS web server. The Inetpub folder usually only appears on systems on which IIS is used. With the April update, however, it was created on all Windows systems, including those where IIS is not activated.
As already mentioned, Microsoft justified this with improved “protection” against the exploitation of a security hole. The sudden introduction of this folder on all Windows systems represents an unusual change in Microsoft’s security strategy. Such structural changes are usually documented and justified in detail. In the current case, however, it remains unclear exactly how an empty folder is supposed to contribute to the remediation of a security gap.
Reaction is still pending
Beaumont says he reported the issue to Microsoft about two weeks ago but has not received an answer. Whether and when Redmond will provide a fix for the security gap described is still up in the air. However, it is clear that by causing this problem, Microsoft has not exactly strengthened the trust of Windows users in operating system updates.