Table of Contents
- Why Did Microsoft’s April 2025 Update Create a Mysterious “Inetpub” Folder That You Must Never Delete?
- The Security Crisis Behind the Inetpub Folder
- Microsoft’s Emergency Response
- Step-by-Step PowerShell Script Solution
- Prerequisites
- Installation Commands
- How the Script Functions
- Alternative Recovery Methods
- Critical Security Implications
- Expert Recommendations
Why Did Microsoft’s April 2025 Update Create a Mysterious “Inetpub” Folder That You Must Never Delete?
Microsoft released a critical PowerShell script on June 6, 2025, to help Windows users restore the essential “inetpub” folder that many mistakenly deleted after the April 2025 security updates. This folder serves as a crucial security measure against the high-severity CVE-2025-21204 vulnerability, which could allow attackers to escalate privileges and manipulate system files.
The Security Crisis Behind the Inetpub Folder
The April 2025 Windows updates automatically created an empty C:\inetpub folder on millions of devices running Windows 10 (versions 2019 and 22H2) and Windows 11 (versions 23H2 and 24H2). This folder appeared even on systems without Internet Information Services (IIS) installed, causing widespread confusion among users who assumed it was a bug and dangerously deleted it.
The folder serves as a critical security barrier against CVE-2025-21204, a vulnerability that exploits improper link resolution in the Windows Update Stack. Without this folder, attackers with low privileges can escalate permissions and perform unauthorized file operations with SYSTEM-level access.
Microsoft’s Emergency Response
Microsoft initially failed to communicate the folder’s purpose clearly, leading to mass deletions by concerned users. The company later issued urgent warnings stating: “This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device”.
Cybersecurity expert Kevin Beaumont demonstrated that removing this folder creates additional vulnerabilities, as non-admin users can exploit it to block Windows updates entirely.
Step-by-Step PowerShell Script Solution
Microsoft’s remediation script, Set-InetpubFolderAcl.ps1, provides an automated solution for users who deleted the folder. Here’s the complete restoration process:
Prerequisites
- Administrative privileges required
- PowerShell execution policy must allow script installation
Installation Commands
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass Install-Script -Name Set-InetpubFolderAcl -Force Set-InetpubFolderAcl
If the script fails to execute directly, use the full path:
& "C:\Program Files\WindowsPowerShell\Scripts\Set-InetpubFolderAcl.ps1"
How the Script Functions
The PowerShell script performs intelligent folder management based on existing conditions:
- Missing folder: Creates the inetpub directory with proper IIS permissions
- Empty folder exists: Applies correct security permissions to the existing folder
- Folder with DeviceHealthAttestation only: Secures both the main folder and subdirectory
- Folder with other content: Terminates without changes to prevent data loss
Alternative Recovery Methods
Users who prefer not to use PowerShell can restore the folder through these methods:
- Enable IIS temporarily: Install Internet Information Services from Windows Features, then uninstall it while keeping the folder
- Reinstall updates: Remove and reinstall the April 2025 cumulative update
- Wait for next update: Future Windows updates will recreate the folder automatically
Critical Security Implications
Immediate action is essential for users who deleted this folder. Without the properly configured inetpub directory and its Access Control Lists (ACLs), systems remain vulnerable to:
- Privilege escalation attacks
- Unauthorized file system access
- Potential malware exploitation through the Lumma malware family
The vulnerability affects the Windows Update Stack’s link resolution mechanism, potentially allowing attackers to redirect system operations to unintended locations.
Expert Recommendations
Security professionals strongly recommend immediate folder restoration for affected systems. The script provides the safest and most efficient method, requiring minimal technical expertise while ensuring proper security permissions are applied.
This incident highlights the importance of understanding Windows security updates before making system modifications, as seemingly innocuous folders often serve critical protective functions.