2 weeks Ago By Zak Doffman, Contributor
Microsoft's April update suddenly gets awkward An awkward new warning for Windows users heading into the weekend. Microsoft’s confusing messaging on deleting or not deleting a mystery folder on your PC has suddenly taken a nasty turn. This could now leave you and your PC at risk.
We’re talking “inetpub,” of course, the mysterious folder that turned up on PCs post the April update, and which at first was irrelevant and then critical and is now a threat. Per XDA-Developers , the “‘inetpub’ folder might be more dangerous than we thought..
. the inetpub folder in Windows 11 can pose a risk if weaponized by hackers. Non-admin users can easily stop Windows security updates using junction points.
Attempting to block updates may lead to installation errors or rollbacks on Windows 11.” PC World was first to pick up the warning from cyber guru Kevin Beaumont , commenting that the “crucial new ‘inetpub’ folder is laughably easy to hack..
. The initial impression was that this was a bug, as the folder was empty and apparently served no function. Microsoft later explained that the inetpub folder is important for Windows security because it was created to patch the CVE-2025-21204 vulnerability.
” That’s neatly ironic. “In short, the folder [which] is there to bump up system security by preventing the vulnerability from being exploited” actually introduces a vulnerability. According to Beaumont, Microsoft’s patch for CVE-2025–21204, which “allows users to abuse symlinks to elevate privileges using the Windows servicing stack and the c:inetpub folder.
” The fix is to add the c:inetpub folder themselves, but the new problem is “this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates.” If you’re not keeping up with the “inetpub” story so far, you’re not alone. Per Cybersecurity News , “this isn’t merely a temporary denial of service – it’s a persistent issue that continues until someone manually resolves the junction or reinstalls the system.
.. This could be easily scripted and deployed by malware or malicious actors seeking to keep systems vulnerable to other exploits.
” Absent a fix — and Beaumont reported this to Microsoft a fortnight ago, “system administrators are advised to monitor the system drive for unusual junction points.” Mayank Parmar from Windows Latest told me “if someone without admin rights uses a trick (called a junction) to link this folder to a file — like Notepad — it can break future Windows updates. The system expects inetpub to be a folder, not a file, so the updates fail with an error code (0x800F081F).
This glitch can be abused to block future updates, and Microsoft hasn’t yet responded to the issue.” The advice remains not to delete the folder, but as XDA Developers says, “the company told users not to delete it, as it's a part of a security patch titled CVE-2025-21204 and is harmless. However, deleting the folder won't kill your PC if Microsoft is to be believed.
” According to Parmar, “normally a junction is used to make one folder act like another. But here, a user can create a junction from C:inetpub to a file (like Notepad). The system expects inetpub to be a folder.
When it turns out to be a file, Windows updates fail with an error, blocking future updates." All of which means "no admin rights are needed, just this trick breaks the update process.” I have reached out to Microsoft for any further user guidance.
.
