
Terr_ today at 3:40 AM

Tangentially, that reminds me of how a Windows update created c:\inetpub on everybody's non-server computers, to "increase protection" for unspecified reasons.

https://www.pcworld.com/article/2684062/why-is-windows-11-la...


Replies

mook today at 7:58 AM

That page eventually leads to the CVE page: https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...

While that's still pretty vague, it sounds like the issue was that something running as SYSTEM (the page seems to indicate some part of Windows Update) was not correctly checking if inetpub was a symlink or something along those lines. It also links to a script to set ACLs on that directory; presumably that's not possible to do if the directory doesn't exist.

It would probably be better to fix whatever component to not have the link traversal bug, but maybe there's some reason that makes the proper fix infeasible…

Lammy today at 4:08 AM

> to "increase protection" for unspecified reasons

Everything old is new again https://devblogs.microsoft.com/oldnewthing/20041116-00/?p=37... (2004)