With the latest Windows 11 update, Microsoft has left an inetpub folder to protect your PC against a vulnerability. However, the folder itself appears to be vulnerable.
The mysterious inetpub folder that suddenly appeared in Explorer with the latest Windows 11 update is stirring up dust. What initially seemed like an empty, useless folder turned out to be intentionally placed there. Microsoft even explicitly asks not to delete the folder.
Inetpub doesn’t come out of nowhere: the folder is normally linked to Internet Information Services (IIS), an optional software component for web and app hosting in Windows. The update also creates the folder if you don’t use IIS, which logically caused confusion among users. The folder is part of a patch against a vulnerability that allows privilege escalation, Microsoft clarified after rolling out the update.
New Vulnerability After Security Patch
However, this solution now appears to be causing a new problem. According to security researcher Kevin Beaumont, both administrators and regular users can create a ‘junction point’ between the folder c:inetpub and, for example, a system file like Notepad. A simple command via the command prompt is sufficient to create the link.
read also
Windows 10 Computers Still Receive Windows 11, Even If Administrators Don’t Want It
Once this link exists, updates can no longer be installed correctly. The update process fails or rolls itself back. As a result, the system no longer receives security updates. The vulnerability can be considered a form of denial-of-service: users can prevent the installation of essential security updates without elevated rights.
Beaumont reports that he reported the new vulnerability to the Microsoft Security Response Center (MSRC) two weeks ago but has not received a response to date. Until Microsoft provides a solution, the risk remains that systems will stay vulnerable to other threats because updates are not getting through.
The mysterious folder is not the only problem with Windows 11. As per usual (for better or worse), installing the update can wreak havoc on your device. Microsoft is working on a solution.