At first glance, the existence of the inetpub folder appeared to be a bug, especially since it was empty and served no obvious purpose. However, this folder has a critical role in enhancing system security by preventing potential vulnerabilities from being exploited.
Ironically, this very folder, designed for protection, is now creating a new security concern as attackers may be able to use it to circumvent security updates in Windows. This situation poses a significant risk stemming from a folder that initially seemed innocuous.
Security researcher Beaumont has indicated that it is possible to prevent the creation of the inetpub folder by establishing a junction point in the C: directory. In the context of Windows, a junction point functions as an alias that redirects one directory to another, much like a shortcut.
Beaumont demonstrated this by creating a junction at C:/inetpub that points to notepad.exe. By implementing this junction point, the inetpub folder cannot be generated, which in turn obstructs the installation of crucial security updates, including the April update.
The lack of resolution from Microsoft regarding this issue leaves affected PCs exposed to known security vulnerabilities that have already been patched. Additionally, the creation of this junction can trigger a cycle of error messages and installation rollbacks, and the flaw can be exploited without the need for elevated privileges on the part of attackers.
While Beaumont has reported this issue to Microsoft, it remains uncertain whether the company is actively working on a solution. Nevertheless, the existence of the problem should at least be on their radar.