Microsoft Confirms 'inetpub' Folder Creation in April Update as Security Measure

The folder, linked to a vulnerability fix for CVE-2025-21204, is intentionally created and should not be deleted, Microsoft advises.

Microsoft's April 2025 cumulative updates for Windows 10 and 11 create an empty 'inetpub' folder on system drives, even if IIS is not installed.
The folder is linked to a security fix addressing CVE-2025-21204, a vulnerability involving improper link resolution in the Windows Update process.
Microsoft confirmed the folder's creation is intentional and warned users not to delete it, as it enhances system protection.
The 'inetpub' folder is created by an elevated SYSTEM process during the update, but its exact protective purpose remains unclear.
This update highlights ongoing challenges in balancing user expectations with security measures in Windows update processes.