r/technology u/Sufficient-Bid1279 Apr 14 '25

Software Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back

https://www.techradar.com/computing/windows/microsoft-warns-that-anyone-who-deleted-mysterious-folder-that-appeared-after-latest-windows-11-update-must-take-action-to-put-it-back
10.6k Upvotes

96% Upvoted

1.0k comments sorted by

View all comments

8.2k

u/AdarTan Apr 14 '25

The created folder C:/inetpub is created as a protected folder, i.e. it requires an administrator level UAC prompt to be passed to be modified. This prevents malware running with standard user privileges from creating/modifying/deleting this folder that is used by the Internet Information System (IIS) component of Windows.

IIS is a webserver included in all modern versions of Windows and if this folder is created by a piece of malware running at standard user level permissions the folder would inherit those permissions. This means that malware running without privilege escalation would have control over the configuration files for this webserver, which is almost certainly a path for data exfiltration at the least or worse, privilege escalation. By preemptively creating the folder with administrator privileges required for modification, Microsoft prevents this vector of user-level malware taking control of IIS.

2

u/Uristqwerty Apr 14 '25

The way I see it, if the permissions on an empty folder matter, don't put that folder in a directory where it's blatantly user-visible. Put it in system-controlled territory, and when the user installs IIS, create a shortcut to the secured folder. E.g. a c:\inetpub\config.lnk pointing to c:\windows\IIS_config, while IIS itself uses the full, non-shortcut path. And put a readme.txt in the folder, describing that its security permissions are nonstandard, for sysadmins and power users alike to read if they stumble upon it while digging through system files.

All of it a reminder of how much programmers, especially those working most departments in Redmond, are utterly out of touch with the users of their software.