Do Son 
Following the installation of the April security updates for Windows, some users have noticed the sudden appearance of a mysterious, empty directory at C:\inetpub. Despite the lack of notifications or explanations in the user interface, there is no cause for alarm—everything is proceeding according to plan. This is a deliberate security measure introduced by Microsoft as part of the fix for CVE-2025-21204, and users are strongly advised not to delete the folder.
While inetpub has traditionally been associated with storing files for the Internet Information Services (IIS) web server, the update creates this directory even on systems where IIS has never been enabled. This behavior is intentional—the folder is created with restricted access rights assigned solely to the system account (SYSTEM) and is designed to neutralize a specific privilege escalation vector. Although Microsoft has not disclosed the technical intricacies of the attack, it is understood that the vulnerability could have allowed a malicious actor or program to obtain system-level privileges and manipulate files at the operating system level.
Microsoft stresses that no action is required from end users or administrators. The folder should remain in place, regardless of whether IIS is installed. It is now a component of a broader security enhancement initiative aimed at fortifying the system against future threats. As of the time of this publication, there have been no known instances of this vulnerability being exploited in the wild, nor is there a publicly available exploit.
If you have already deleted the folder after applying the update, it can be restored. One method is to temporarily enable the IIS component via “Windows Features,” which will recreate the folder with the appropriate access permissions. IIS can then be safely disabled, followed by a system reboot. Alternatively, the folder can be manually re-created at C:\inetpub, assigned the SYSTEM user as the owner, and configured with read-only permissions.
Nonetheless, deletion is strongly discouraged. Even if you do not use IIS—and chances are you do not—this directory is now a fundamental part of Windows’ evolving defensive architecture.
