It’s no secret that updating your Windows PC often brings surprises, be it Microsoft’s AI assistant Copilot breaking or your Start menu changing without warning. This time, the April update snuck a mysterious folder onto everyone’s PCs.
That Random “inetpub” Windows Folder Is Part of a Security Fix
On April 8th, 2025, Microsoft rolled out the Patch Tuesday April 2025 updates, which included the KB5055523 (24H2) update for Windows 11. Just a day after it was released, Windows Latest (along with tons of Windows users, like those on this Reddit post) spotted a mysterious folder called inetpub suddenly appearing on the drive where Windows 11 is installed, typically the C: drive for most users.
While the folder is, ironically, empty and tasks up zero bytes of size on the system drive, waking up to a random folder on your PC would freak anyone out.
The inetpub folder is related to an optional Windows feature called Internet Information Services (IIS), which is Microsoft’s web server software for developers and is created when a developer enables the IIS feature manually. To do so, one needs to go to Turn Windows feature on or off and explicitly install it. The folder typically contains web pages a developer might locally host on the PC, like for testing or internal tools, before pushing them live.
With the April update, though, it was automatically installed on everyone’s PC, even if they had the IIS feature disabled. While most people deleted the folder from their PC entirely when they noticed it, Windows Latest has now mentioned that Microsoft confirmed to them the inetpub folder wasn’t created by accident. It was intentionally added as part of the security patch.
Related
These Apps Might Keep You From Getting the Windows 11 24H2 Update Right Away
You might not even realize you have some of these apps.
Though Windows 11 won’t stop you from deleting the folder (since it isn’t protected), you probably shouldn’t, since it’s linked to a security patch for a bug called CVE-2025-21204, which allows attackers to modify system files or folders. While a random folder appearing on your PC isn’t the biggest deal, the real issue here was that Microsoft failed to mention it in the release notes.
Since everyone caught wind of it, Microsoft has now quietly updated the Patch Tuesday April 2025 Microsoft Support article to clearly state that the inetpub folder was, in fact, not a mistake and was created to patch the bug mentioned above (as spotted by Windows Latest):
After installing this update or a later Windows update, a new %systemdrive%\inetpub folder will be created on your device. This folder should not be deleted regardless of whether Internet Information Services (IIS) is enabled on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users. For more information, see CVE-2025-21204.
Now, we wouldn’t blame you if you deleted the inetpub folder the second you spotted it, especially since Microsoft failed to explicitly mention it in its release notes. Nonetheless, since the company advises against deleting it, the smartest move might be to re-enable this folder. You can do this by enabling Internet Information Services, located in the Turn Windows Features on or off panel.
Otherwise, you can reinstall the April 2025 updates by uninstalling the current update, checking for updates again, and then reinstalling it. Otherwise, you could wait for the next cumulative update to arrive, which should bring the folder back too.
