Windows 11’s crucial new ‘inetpub’ folder is laughably easy to hack

A few weeks ago, we reported that a mysterious folder called “inetpub” appeared on numerous Windows PCs after one of the April updates was installed on them. The initial impression was that this was a bug, as the folder was empty and apparently served no function.

Microsoft later explained that the inetpub folder is important for Windows security because it was created to patch the CVE-2025-21204 vulnerability. In short, the folder is there to bump up system security by preventing the vulnerability from being exploited.

However, this very folder meant to protect you is now causing a new security problem, as attackers can apparently use it to bypass security updates under Windows. Security researcher Kevin Beaumont discovered this and warned against it in a blog post.

Security risk caused by a harmless folder

According to Beaumont, it’s possible to prevent the creation of the inetpub folder by creating a junction point in the C: directory. In Windows, a junction point is an alias that redirects one directory to another (or basically like a shortcut). In his example, Beaumont created a junction at C:/inetpub pointing to notepad.exe.

Once this junction point is made, the actual inetpub folder can no longer be created. This also prevents the installation of the April update and potentially all other security updates as long as Microsoft does not provide a solution to this problem. Affected PCs would then be vulnerable to other security flaws that have already been fixed.

Beaumont shows that this can also lead to a constant back and forth of error messages and attempted rollbacks when installing updates—and attackers don’t even need elevated privileges to trigger the problem.

The discovery has already been reported to Microsoft, but there’s been no response as of yet. It’s unclear whether Microsoft is working on a solution, but at least they should be aware of the problem.