Article Details

Don't delete that mystery empty folder. Windows put it there as a security fix. Copilot vibe coding for OS development? Why not. Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured – it's perfectly benign. In fact, it's recommended you leave the directory there. The folder, typically C:\inetpub, is empty and related to Microsoft's Internet Information Services (IIS). It will be created when you install the security patches whether or not you're using that optional web server. The purpose of the folder is to mitigate an exploitable elevation-of-privileges flaw within Windows Process Activation, classified as CVE-2025-21204. That CVE, which can give malware on a system or a rogue user system-level file-management privileges, was fixed in the April Patch Tuesday batch from the Windows maker; installing the fix on Windows 11 and 10 will create the directory as additional protection, we're told. "After installing the updates listed in the security updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device," advised Microsoft. "This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users." The inetpub folder isn't a new concept – administrators running IIS will have seen it for years. It's used to store the web server's script files, site content, and other bits and pieces. In the case of CVE-2025-21204, the folder is created with read-only SYSTEM-level access to block some form of privilege-escalation exploitation that hasn't been publicly disclosed. It's important to note that the folder will appear even if you haven't installed IIS, which isn't included by default in Windows 10 and 11. So it's best to just leave it alone. It's there to thwart a potential future attack, according to Microsoft. There is no known exploitation of CVE-2025-21204 in the wild, nor any exploit code being publicly shared. If you have deleted it after applying the patch, there's a fix. Go to the Windows Control Panel and open Programs and Features. On the left you'll see "Turn Windows features on or off." Scroll down until you find IIS and hit "OK" after highlighting it. The folder will be recreated with the correct SYSTEM-level permissions. You can then switch off IIS and restart. (No one uses IIS these days.) Or create the folder by hand with read-only access and SYSTEM-level ownership.