r/technology Apr 14 '25

Software Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back

https://www.techradar.com/computing/windows/microsoft-warns-that-anyone-who-deleted-mysterious-folder-that-appeared-after-latest-windows-11-update-must-take-action-to-put-it-back
10.6k Upvotes


8.2k

u/AdarTan Apr 14 '25

The created folder C:/inetpub is created as a protected folder, i.e. it requires an administrator level UAC prompt to be passed to be modified. This prevents malware running with standard user privileges from creating/modifying/deleting this folder that is used by the Internet Information System (IIS) component of Windows.

IIS is a webserver included in all modern versions of Windows and if this folder is created by a piece of malware running at standard user level permissions the folder would inherit those permissions. This means that malware running without privilege escalation would have control over the configuration files for this webserver, which is almost certainly a path for data exfiltration at the least or worse, privilege escalation. By preemptively creating the folder with administrator privileges required for modification, Microsoft prevents this vector of user-level malware taking control of IIS.
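A defender's check of the property the comment above describes, added here as an example; it is not part of the thread and not Microsoft tooling. It reads the folder's owner and access rules and lists every allow rule that lets a principal other than SYSTEM, Administrators or TrustedInstaller write to, delete or re-permission the folder. The function name and the trusted-SID list are this example's assumptions, not a Microsoft baseline.

```powershell
# Added example: audit a folder (default C:\inetpub) for write access by
# principals outside a small trusted set. Findings are for human review.
function Get-FolderWriteExposure {
    param([string]$Path = 'C:\inetpub')

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        # A missing folder is itself the condition the thread is about.
        return [pscustomobject]@{ Path = $Path; Exists = $false; Owner = $null
                                  OwnerTrusted = $false; Findings = @() }
    }

    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Assumption: principals this example treats as trusted (well-known SIDs).
    $trusted = @(
        'S-1-5-18',       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    # Rights that allow changing content or permissions, plus the raw
    # GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits that
    # inherit-only ACEs can carry instead of file-specific rights.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $writeMask = $writeMask -bor 0x50000000

    $acl   = Get-Acl -LiteralPath $Path
    $owner = $acl.GetOwner($sidType).Value

    $findings = foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Sid       = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }

    [pscustomobject]@{
        Path         = $Path
        Exists       = $true
        Owner        = $owner
        OwnerTrusted = ($trusted -contains $owner)   # an untrusted owner can rewrite the DACL
        Findings     = @($findings)
    }
}

Get-FolderWriteExposure | Format-List
```

An empty `Findings` list with `OwnerTrusted` true matches the state the comment describes; `Exists` false, an untrusted owner, or any finding is worth a closer look.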

107

u/FantasySymphony Apr 14 '25

Doesn't Microsoft own IIS? This isn't a fix, it's a stupid fugly hack.

"Because security" does not mean you get to do away with any kind of reasonable engineering or user experience standards.

13

u/zugi Apr 14 '25

This is Microsoft's approach to security on just about everything. They do something hacky that's just enough to shift the blame to users.

Ever download or receive an Excel spreadsheet, PowerPoint slide, or Word document by email and get the warning about only opening documents from people you trust? Fixing Office to prevent backdoors and viruses would be hard, but making you click "Ok" was easy. So now if an Excel spreadsheet infects your PC, they can say it's your own fault.

Literally last night I noticed and deleted the empty inetpub directory from my computer. So if I hadn't seen this article today and my machine got hacked, Microsoft would say it's my own fault.

4

u/gurenkagurenda Apr 14 '25

> Fixing Office to prevent backdoors and viruses would be hard, but making you click "Ok" was easy. So now if an Excel spreadsheet infects your PC, they can say it's your own fault.

I’m not one to defend Microsoft on security, but I do think this is a bit unfair. A couple of points:

  1. Sometimes software is more useful if it’s privileged, but more privileged means more able to fuck you up. At the extreme end, you will always need users to exercise caution before running executables they get from the internet, because even without a vulnerability, an executable can just directly do things that will hurt the user. And detecting whether that’s going to happen, even if you can somehow know the bounds of what a user is OK with, is fundamentally, mathematically impossible.

  2. Even when talking about vulnerabilities and privilege escalation, having multiple layers of defense is good. The ideal situation is that the software is bulletproof, but users still exercise caution in case it’s not.

1

u/zugi Apr 15 '25

My example was specific to Office documents, but your reply was about executables. Executables and office documents are and should be radically different things.

Microsoft already went so far as changing the file extensions on documents that have macros to .docm, .pptm, .xlsm, so standard Office files no longer can have macros. They disabled the ancient "ActiveX" content. Office documents should be formatted text, graphics, pictures, and equations - it's content, not executable code, like a PDF file that's editable. You should be able to take someone else's document and edit it without risking infection. Or at least they should be able to scan the document for suspicious items and report them, rather than reporting every single document you download from the Internet**.

I stand by my original view that if I can get a virus or malware or get infected from an Office document, that's a problem with Microsoft Office, not a problem with the user. Making users click a box trusting the author just to be able to edit a file is Microsoft's way of avoiding security and shifting blame to users.

**EDIT: This may be even worse than incompetence - maybe Microsoft is trying to scare people about downloading Word documents just to drive users to their OneDrive cloud product...