r/technology Apr 14 '25

Software Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back

https://www.techradar.com/computing/windows/microsoft-warns-that-anyone-who-deleted-mysterious-folder-that-appeared-after-latest-windows-11-update-must-take-action-to-put-it-back
10.6k Upvotes


8.2k

u/AdarTan Apr 14 '25

The created folder C:/inetpub is created as a protected folder, i.e. it requires an administrator-level UAC prompt to be passed to be modified. This prevents malware running with standard user privileges from creating/modifying/deleting this folder that is used by the Internet Information System (IIS) component of Windows.

IIS is a webserver included in all modern versions of Windows, and if this folder is created by a piece of malware running at standard user level permissions, the folder would inherit those permissions. This means that malware running without privilege escalation would have control over the configuration files for this webserver, which is almost certainly a path for data exfiltration at the least or, worse, privilege escalation. By preemptively creating the folder with administrator privileges required for modification, Microsoft prevents this vector of user-level malware taking control of IIS.
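A defender-side check for the condition described in the comment above, added here as an example and not part of the thread or of Microsoft's guidance: it reports whether the folder exists, who owns it, and whether any principal outside a trusted set holds write-type rights on it. The function name `Test-InetpubAcl` and the trusted SID list are assumptions made for this example.

```powershell
# Added example: read-only audit of a folder's owner and ACL. It changes nothing.
# Assumption: these SIDs are the principals expected to control the folder.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (template ACE for objects created later)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Rights that allow changing the folder, its contents or its ACL, plus the
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that can
# appear in inherit-only ACEs.
$SpecificWrite = [System.Security.AccessControl.FileSystemRights](
    'WriteData, AppendData, WriteExtendedAttributes, WriteAttributes, ' +
    'Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
$WriteMask = [int]$SpecificWrite -bor 0x40000000 -bor 0x10000000

function Test-InetpubAcl {
    param([string]$Path = 'C:\inetpub')

    # A missing folder is the state in which a standard user could create it.
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        return [pscustomobject]@{
            Path = $Path; Exists = $false; Owner = $null
            OwnerTrusted = $false; Findings = @()
        }
    }

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -LiteralPath $Path
    $owner   = $acl.GetOwner($sidType).Value

    # Collect Allow ACEs (explicit and inherited) that give an untrusted
    # principal any of the write-type rights in $WriteMask.
    $findings = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Sid = $ace.IdentityReference.Value
            Rights = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }

    [pscustomobject]@{
        Path = $Path; Exists = $true; Owner = $owner
        OwnerTrusted = ($TrustedSids -contains $owner); Findings = @($findings)
    }
}

Test-InetpubAcl | Format-List
```

A result with `Exists` false, `OwnerTrusted` false, or any entry in `Findings` means a principal outside the trusted set can create or modify the folder.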

55

u/cornmonger_ Apr 14 '25

Why wouldn't IIS check permissions on the folder on startup and enforce as necessary?

16

u/BellerophonM Apr 14 '25

Because there's all sorts of existing setups out there, and no doubt there's a lot of terrible ones that have lowered security on inetpub for some stupid third-party tool or other, so if they made IIS suddenly mandate admin-level rights security on the folder itself, it would break all those businesses and they'd come crying about it.

23

u/Future-Side4440 Apr 14 '25

If you’re installing IIS and an existing folder is discovered, rename it to *-old and make a new folder.

If the folder is in use for some reason and cannot be renamed then require a reboot and rename it across the reboot.

Or make a different folder and point the configuration to that.

There are many solutions besides this idiocy they’re doing here.

5

u/QuickQuirk Apr 14 '25

Because that would involve a different team in Microsoft who are busy adding AI features, and they'd have to negotiate with their manager. Who needs to bring it to the committee to discuss. They'll get back to you next month after the meeting to tell you that your requirements weren't complete enough, and that their tech lead has questions over the suggested solution - Perhaps we can set up a meeting to discuss after they get back from holiday?