A few weeks ago, we reported that after installing one of the April updates, a suspicious folder named “inetpub” appeared on many Windows PCs. The folder was empty and seemed to have no purpose, so at first glance, this was thought to be a problem.
Microsoft later clarified that the inetpub folder was created as part of the fix for the CVE-2025-21204 vulnerability, which makes it crucial for Windows security. Put briefly, the folder’s purpose is to increase system security by thwarting exploitation of the vulnerability.
However, it appears that attackers can exploit it to get around Windows security updates, so the very folder that was designed to keep you safe is now creating a new security issue. This was uncovered by security researcher Kevin Beaumont, who warned about it in a blog post.
The danger to security caused by a harmless folder
Beaumont claims that by setting up a junction point in the root of the C: drive, it is possible to stop the inetpub folder from being created. In Windows, a junction point is an alias that redirects one directory to another; it functions similarly to a shortcut. In his example, Beaumont made a junction at C:\inetpub pointing to notepad.exe.
Once this junction point exists, the actual inetpub folder can no longer be created. Additionally, as long as Microsoft doesn’t fix this issue, the system will be unable to install the April update and maybe any other security updates. Compromised computers would then remain exposed to additional security vulnerabilities that have already been addressed.
Beaumont demonstrates that this can also result in a continuous cycle of error warnings and attempted rollbacks when updates are installed; attackers don’t even require elevated privileges to cause this issue.
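A defender can check for the condition described above by testing whether C:\inetpub is a real directory or a reparse point. The PowerShell below is an added example, not code from Beaumont's post or from Microsoft; the function name Test-InetpubFolder and its Status values are hypothetical, and it assumes Windows is installed on the drive named in $env:SystemDrive.

```powershell
# Added example: report whether C:\inetpub is a real directory or a link.
# Test-InetpubFolder and its Status values are hypothetical names.
function Test-InetpubFolder {
    param(
        # Assumption: Windows is installed on the drive in $env:SystemDrive.
        [string]$Path = "$env:SystemDrive\inetpub"
    )

    # Get-Item inspects the entry itself and does not follow a junction.
    # -Force is needed so hidden or system entries are returned too.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue

    $result = [ordered]@{
        Path       = $Path
        Status     = 'Missing'
        LinkType   = $null
        Target     = $null
        CreatedUtc = $null
    }

    if ($item) {
        $isReparse = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
        $result.CreatedUtc = $item.CreationTimeUtc
        if ($isReparse) {
            # A junction or symlink here is the blocking condition from the article.
            $result.Status   = 'ReparsePoint'
            $result.LinkType = $item.LinkType
            $result.Target   = $item.Target -join '; '
        }
        elseif (-not $item.PSIsContainer) {
            # A plain file with this name also occupies the path.
            $result.Status = 'NotADirectory'
        }
        else {
            $result.Status = 'Directory'
        }
    }
    [pscustomobject]$result
}

$check = Test-InetpubFolder
$check | Format-List
if ($check.Status -in 'ReparsePoint', 'NotADirectory') {
    Write-Warning "$($check.Path) is not a normal folder; investigate before the next update cycle."
}
```

Because the article notes that no elevated privileges are needed to create the junction, a check like this is most useful when run across a fleet on a schedule rather than once.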
Microsoft has already been informed of the discovery; however, as of right now, the company has not responded. Although it’s unclear whether Microsoft is developing a remedy, it should be aware of the issue.