Microsoft clears the ‘inetpub’ folder as safe after April windows security update

Following the April 2025 security updates on KB5055523 for Windows 11 and KB5055518 for Windows 10, users noticed an empty “inetpub” folder appearing in the root of their C: drive. This occurred even on machines where Internet Information Services (IIS) had never been activated. This confused many users, but Microsoft quickly cleared the issue and said it was not a bug/threat.

The “inetpub” folder is traditionally associated with IIS, where it serves as the default root directory for web applications. However, its presence after the update is linked to a security patch addressing CVE-2025-21204, a vulnerability in the Windows Process Activation Elevation service. Microsoft states that the addition of the folder is part of a broader security hardening measure.

Also read : Microsoft Flight Simulator Just Gave Five US Cities a Serious Glow-Up

Although the folder remains empty on most systems, Microsoft advises users not to delete it, even if they don’t use IIS. Its presence does not affect system performance or functionality. However, if a user has already removed the folder, it can be recreated by temporarily enabling and then disabling IIS via the “Turn Windows features on or off” settings.