Windows 11’s April Update Quietly Installs Web Server Folder – Because Why the F*** Not?

Let’s not beat around the bush: Microsoft has lost the plot.

The April 2025 Patch Tuesday update, KB5036893, has introduced a truly baffling new feature. No, it’s not a productivity booster, a security enhancement, or even a flashy bit of UX polish. It’s a folder. A very specific folder.

Say hello to C:\inetpub, now appearing uninvited on machines all over the world—even those that have never, ever, EVER had IIS installed.

Why is this happening? No one knows.

Why was it not mentioned in the changelog? Because well Microsoft…..

The Folder That Shouldn’t Be

Let’s be crystal clear: inetpub is the traditional home for Internet Information Services (IIS)—Microsoft’s own web server software. If you’re running a web server on a Windows machine, you’ll see this folder. That’s normal.

What is not normal is this folder showing up on your nan’s laptop after a Windows update. Or on an accountant’s machine. Or your kids’ gaming rig. Or literally any system where IIS has never been touched.

Yet here we are.

Microsoft pushed this update out, and like a drunk guest at a wedding, it dropped its belongings in the middle of the room and slurred, “This is my house now.”

Microsoft’s Official Response: [404 – Not Found]

You’d expect some kind of statement from the vendor that just changed every supported Windows 11 machine on the planet. An explanation. A reason. A damn comment in the patch notes.

Nope. Nada. Silence.

The only confirmation this isn’t a mass hallucination is the growing chorus of angry sysadmins on Reddit, BleepingComputer, and various tech forums who are all wondering the same thing:

“What the absolute f* is this folder doing here?”

Let’s Talk Security, Shall We?

This isn’t just digital litter. inetpub is not a harmless cosmetic change. It’s a known file path associated with web servers. And what do threat actors absolutely love? Known, writable directories.

Picture it: your EDR tools scan for unexpected directory structures and trip over this newly minted inetpub. You get a ticket. Or worse, it gets flagged during an actual IR process. You waste time and effort chasing a red herring because Microsoft forgot to mention they were sprinkling web server bits across your fleet.

This is amateur hour stuff. And I’m being polite.

So What Are the Theories?

1. IIS Integration Prep

Some have suggested that this might be Microsoft laying groundwork for a future web-based feature. Great. Maybe tell us? Or here’s a novel idea—don’t push the folder unless the feature is actually enabled?

2. A Build Artefact

Far more likely. A dev team prepped the build with the folder structure and forgot to remove it before pushing live. Because what’s change control anyway?

3. Cosmic Joke

I’m not ruling this out.

What Should You Do?

Step 1: Check if you’ve been hit

Look for C:\inetpub on machines updated with KB5036893.

Step 2: Delete It

Yes, you can delete it. Unless your AV is feeling frisky and has decided it’s now critical infrastructure. In which case, congratulations, you’ve got a permanent reminder of Microsoft’s QA failures.

Step 3: Disable Auto Updates (If you haven’t already)

This should go without saying, but if you’re still auto-approving Windows updates without testing them first, this is your sign to stop.

Seriously, what will it take? Microsoft deploying Clippy via Group Policy?

This Is Not an Isolated Incident

We’ve got a laundry list of recent Microsoft "oopsies":

• The KB5034441 WinRE debacle, where updates failed unless you manually resized partitions.

• The January Server 2022 issue, where DHCP services randomly stopped working after patching.

• The USB printer fiasco that still haunts classrooms and small offices.

And now this: “Surprise! Your machine is now a web host!”

There is a trend here. It’s not a good one.

Enterprise IT: Good Luck Explaining This

Imagine being the person who has to answer for this in your weekly change review:

CTO: “Why did all our machines get web server folders?”
You: “Because Microsoft is drunk.”
CTO: “Can they undo it?”
You: “Only if they sober up.”
CTO: “Great. Put it in the board report.”

Meanwhile, your SIEM lights up with every scan, and your risk register just grew a new entry called "Mystery Folder Deployment."

So, Microsoft…

If you’re going to treat production environments like test beds, the very least you can do is document your weirdness. Add a line. Add a note. Add a post-it to the update if that’s all you can manage.

Because this “oh just push it, they’ll figure it out” attitude is not just lazy—it’s dangerous. You’ve got hospitals, schools, banks, and yes, even MSPs relying on you not to randomly turn their endpoints into confused web servers overnight.

You want us to trust updates? Earn it.

If This Is the Future, We Need to Start Drinking at Breakfast

We’ve reached a point where no update can be installed without triple-checking what else it might be doing behind the scenes.
Security teams are stretched thin. IT teams are underfunded. And Microsoft—our dear partner in productivity—is sneakily installing folders like it’s planting Easter eggs in a horror film.

If you’re responsible for systems, this is why you test patches in a staging environment. And it’s also why you consider third-party patch management tools instead of relying on Windows Update like it’s still 2003.

Honestly, it’s exhausting.