Windows 11 KB5055523 issue creates “inetpub” folder out of nowhere

I saw this folder the other day after installing the April KB update. I didn't pay much attention to it.

Thank you for the information @stapp My machine doesn't have the IIS services feature even turned on.

I deleted the folder inetpub that had been created. Appreciate you bringing this up.

 

I had two instances of that. Was unable to delete inetpub.cdf-ms.

 

The folder inetpub on my C-drive was created 19-01-2025. It seems it has something to do with Internet Information Services.

 

Interesting. I just deleted an empty inetpub folder that was created 2 days ago. Someone wrote a patch to do a thing and didn't check for if it was actually installed.

If you do actually have IIS installed, don't delete the folder.

 

"Update 4/10: Article updated with information from Microsoft and confirmation the inetpub folder is created on Windows 10 too.

However, Microsoft told BleepingComputer that the folder was intentionally created and should not be removed.
As an empty folder should not have any impact on Windows, especially when IIS is not installed, it should be left alone until we learn more from Microsoft."
https://www.bleepingcomputer.com/ne...date-unexpectedly-creates-new-inetpub-folder/
--------------
"Update: While Microsoft doesn’t want to explain why it added the folder, the company told me that the folder was created intentionally, and there is no need to delete it. Microsoft doesn’t want to share additional details, but in our tests, we observed that nothing happens to the system if you delete the folder. At the end of the day, it’s empty."
https://www.windowslatest.com/2025/...-issue-creates-inetpub-folder-out-of-nowhere/

 

Same. With no explanation I don't see what it would matter to have an empty folder for a service that is not installed. I'd really have to question their intentions if they claim it should be there. What are they planning to do with it?

 

They're just trying to not look stupid (again) after this one...

https://www.computerworld.com/artic...-copilot-causing-issues-for-citrix-users.html

Uh, yeah, the inetpub folder was intentional. Yeah. that's it, intentional.

 

Added FAQ to explain that after installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device. This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users. This is an informational change only.

Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204#faq

 

What to do if you removed the “inetpub” folder assuming it to be a bug?

Windows 11: Microsoft warns do not delete inetpub folder after causing confusion

 

Too late, I have already deleted it lol.

 

When MS says: Do not! I see: Do!

 

I'm certainly not uninstalling and reinstalling the update to get it back. And if it comes back with a future update I will be keeping an eye on it.

 

Same here.

 

Microsoft: Windows 'inetpub' folder created by security fix, don’t delete
April 11, 2025

https://www.bleepingcomputer.com/ne...b-folder-created-by-security-fix-dont-delete/

 

So everyone is excited about this folder, is there any evidence that deleting it or not deleting it causes any issues? I say...chill.

 

Bingo. There are ten of thousands of folders on your system, this one has to be quite benign compared to many of the others. Microsoft wrote this Operating System, eventually there comes a time when you have to start having faith in them (otherwise, why do you keep sending them money).
Acadia

 

I've used MS in some fashion since MS-DOS. I will acknowledge that I've profited from using their products (DOS, then Windows, as well as Visual Studio and MSDN), but I have no faith in them making choices in my better interests, only that they're driven by sales and whatever is the latest marketing fad. But, like an Ent, I haven't sent them money in a very long time.

 

Thanks for the info but that article raises more questions than it answers.

 

Such as?
TIA

 

@Mr.X
Why it's so easy to delete it if it's so important ?
Oups, i've delete-it, but no error message appears after several days ?
IIS is totally disabled (features and GPO) do i really need-it ?
if i create again this folder with simple right clic and give it System ownership, it's ok ?

Honesty it's total waste of time to talk about that, just wait and see.

 

Microsoft tells how to "put it back".

https://www.techradar.com/computing...ows-11-update-must-take-action-to-put-it-back

Acadia

 

Finally some "detailed" info. If a hacker had a physical access to my PC, then IIS vulnerability would be the least of my concerns. Anyway, according to this info, it is definitely safe to remove.