It’s possible that Windows 11 customers who viewed their files after an upgrade earlier this month discovered a new folder they weren’t familiar with. As it happens, it’s rather significant.
Online interest and uncertainty were sparked by the empty folder, known as “inetpub,” which led to some users deleting it. Although the folder is meant to handle Internet Information Services logs, it was visible to anyone without that service enabled.
According to Microsoft, the deletion of the folder poses a security risk even if nothing noticeable occurred after it was removed.
“After installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device,” Microsoft said in a security update. Regardless of whether Internet Information Services (IIS) is running on the target device, this folder shouldn’t be removed. This behavior is a component of security-enhancing modifications and doesn’t need any action from end users or IT administrators.
According to Microsoft, a “link following flaw” might be used by an attacker to get access to your machine by means of the deletion. A request for more comment from Microsoft was not immediately answered.
According to Satnam Narang, senior staff research engineer at the cybersecurity company Tenable, “even though it’s unclear exactly why the folder is needed, the fact that Microsoft updated its security advisories to elevate the issue shows you should pay attention.”
“It’s a bit of a headscratcher, but if Microsoft says it’s needed to thwart exploitation somehow, then consumers should take it seriously,” Narang said in his email.
How to proceed if you erased Windows’ “inetpub” folder
According to Windows Latest, the vulnerability may be fixed by recovering the deleted folder by turning on Internet Information Services.
To do this:
Navigate to Control Panel > Programs > Programs and Features to access your Windows features that are optional.
Choose to activate or deactivate Windows features.
Next to Internet Information Services, check the box.
Press OK.
To confirm that “inetpub” has returned, you may access your Windows folder. That’s all.
According to Narang, installing IIS is the best approach to guarantee that the folder is placed back correctly since it’s crucial that it has the right rights. “Once installed, users can uninstall IIS, as the folder will remain on the system after,” he said.