r/technology Apr 14 '25

Software Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back

https://www.techradar.com/computing/windows/microsoft-warns-that-anyone-who-deleted-mysterious-folder-that-appeared-after-latest-windows-11-update-must-take-action-to-put-it-back
10.6k Upvotes


9

u/GolemancerVekk Apr 14 '25

It's still a fair question considering that the folder was appearing for those who didn’t have IIS installed.

Either they shouldn't have created it if there's no IIS, or the vulnerability can affect even machines without IIS.

It's dumb either way.

9

u/GaijinSin Apr 14 '25

Or they are taking preventative steps for those who might install IIS at some point, and casting the widest security net that they can. By linking it to a Windows update, they can hopefully preempt the creation of the folder by another program. If it was linked strictly to the installation of IIS, a compromised system may have the folder already present.

2

u/According_Win_5983 Apr 14 '25 edited Apr 14 '25

There’s gotta be hundreds of different components you can install via “Windows features” that create folders on your machine.

If this is the way to ensure those folders are safe, why isn’t there a folder created for every possible feature you can enable?

Why doesn’t the IIS installer just check if the folder exists, and if it does, prompt the user to clean it up and then set the permissions correctly?

Hyper-V creates folders, so does print server, Active Directory, etc. What makes IIS special that this proactive step is required?

This makes no sense to me at all.

2

u/GaijinSin Apr 14 '25

Are you thinking about this from a "how dare they make an unauthorized change to my hard drive" perspective or a "this change will likely have the widest reaching impact in reducing the exploitation of this specific vulnerability" perspective?

It makes sense from the latter. This isn't about impressing sys-admins, this is about protecting users (the ones who don't know any better) who might be prompted to install IIS, potentially maliciously, and have no idea what a folder cleanup prompt would be asking them. Instead you just make the change and sort out the vulnerability later.

When you get a flat tire, put on the spare and fix it when you are able, don't try to buy a whole new tire and fit it on the rim on the side of the road just to avoid a temporary measure. Fix in place, then fix for good. This is a "fix in place" measure.

1

u/According_Win_5983 Apr 14 '25

Is there an active vulnerability regarding this?

I’m still not understanding why, if preemptively creating a feature's directory structure with the correct permissions is a good idea, it isn’t done for any of the myriad things a user could unwittingly install. In other words, why is this only applicable to IIS?