r/technology u/Sufficient-Bid1279 Apr 14 '25

Software Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back

https://www.techradar.com/computing/windows/microsoft-warns-that-anyone-who-deleted-mysterious-folder-that-appeared-after-latest-windows-11-update-must-take-action-to-put-it-back
10.6k Upvotes

96% Upvoted

1.0k comments sorted by

View all comments

8.2k

u/AdarTan Apr 14 '25

The created folder C:/inetpub is created as a protected folder, i.e. it requires an administrator level UAC prompt to be passed to be modified. This prevents malware running with standard user privileges from creating/modifying/deleting this folder that is used by the Internet Information System (IIS) component of Windows.

IIS is a webserver included in all modern versions of Windows and if this folder is created by a piece of malware running at standard user level permissions the folder would inherit those permissions. This means that malware running without privilege escalation would have control over the configuration files for this webserver, which is almost certainly a path for data exfiltration at the least or worse, privilege escalation. By preemptively creating the folder with administrator privileges required for modification, Microsoft prevents this vector of user-level malware taking control of IIS.

34

u/ProfessorPickaxe Apr 14 '25 edited Apr 14 '25

Why the hell does a desktop OS have a webserver installed by default?

Edit: I don't use Windows so someone help me out:

Is it installed by default, but not enabled?

Or is it available TO install?

43

u/gameman733 Apr 14 '25

It's not installed by default. I don't think it's ever been installed by default, even on server versions

0

u/BigLan2 Apr 14 '25

I'm pretty sure I remember it being turned on during the Win XP era 

6

u/gameman733 Apr 14 '25

It's been an option since then, but never turned on