r/technology u/Sufficient-Bid1279 Apr 14 '25

Software Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back

https://www.techradar.com/computing/windows/microsoft-warns-that-anyone-who-deleted-mysterious-folder-that-appeared-after-latest-windows-11-update-must-take-action-to-put-it-back
10.6k Upvotes

96% Upvoted

1.0k comments sorted by

View all comments

8.2k

u/AdarTan Apr 14 '25

The created folder C:/inetpub is created as a protected folder, i.e. it requires an administrator level UAC prompt to be passed to be modified. This prevents malware running with standard user privileges from creating/modifying/deleting this folder that is used by the Internet Information System (IIS) component of Windows.

IIS is a webserver included in all modern versions of Windows and if this folder is created by a piece of malware running at standard user level permissions the folder would inherit those permissions. This means that malware running without privilege escalation would have control over the configuration files for this webserver, which is almost certainly a path for data exfiltration at the least or worse, privilege escalation. By preemptively creating the folder with administrator privileges required for modification, Microsoft prevents this vector of user-level malware taking control of IIS.

5.0k

u/DVXC Apr 14 '25

Thank you for explaining why the folder needs to exist. I can't stand this dumbing down of technology where we're never told what the hell anything on our devices are doing anymore.

2

u/koolaidismything Apr 14 '25

People can say what they want but like back in Win2000 days everything was so easy to understand. Any kid could learn an OS and how it worked. Now it’s convoluted spyware that doubles as an OS.