Microsoft’s Fix for Accidentally Deleted Inetpub Folder
▼ Summary
– Microsoft released a PowerShell script to restore the empty ‘inetpub’ folder, which was created by April 2025 Windows updates to mitigate a high-severity privilege escalation vulnerability (CVE-2025-21204).
– The empty C:\Inetpub folder confused users as it appeared even without IIS installed, leading some to delete it and reintroduce vulnerability risks.
– Users who deleted the folder can recreate it by installing IIS via Windows Features or using Microsoft’s provided PowerShell script to restore it with correct permissions.
– The PowerShell script sets proper IIS permissions and updates ACL entries for the DeviceHealthAttestation directory to ensure security against CVE-2025-21204.
– Microsoft warns against deleting the folder, as it is a security measure, and misuse (e.g., creating junctions) could block Windows updates or enable privilege escalation.
Microsoft has introduced a PowerShell solution to address issues caused by accidentally deleting the critical ‘inetpub’ folder that appeared after recent Windows security updates. This folder plays a vital role in protecting systems against a serious privilege escalation vulnerability, making its presence essential even for users who don’t run Internet Information Services (IIS).
When April’s security patches rolled out, many Windows users noticed an unexpected empty C:\Inetpub directory appearing on their systems. Since this folder typically relates to IIS, its sudden appearance confused those without the web server installed, leading some to delete it. Unfortunately, removing it undoes the security fix, leaving systems exposed to CVE-2025-21204, a high-risk vulnerability involving improper link resolution in Windows Update.
For those who deleted the folder, Microsoft initially recommended reinstalling IIS via “Turn Windows Features on or off” to regenerate it. Once IIS is enabled, the system recreates the folder with proper permissions. Users can then disable IIS again if unnecessary, though the folder must remain in place.
To simplify the process, Microsoft later released a PowerShell script that automatically restores the folder with the correct security settings. Administrators can run the following command to implement the fix:
“`powershell Install-Script -Name Set-InetpubFolderAcl C:\Program` Files\WindowsPowerShell\Scripts\Set-InetpubFolderAcl.ps1 “`
This script not only recreates the folder but also applies the necessary access control permissions to prevent exploitation. Additionally, it secures the DeviceHealthAttestation directory on Windows Server systems if affected by earlier updates.
Why is this folder so important? The vulnerability allows attackers with limited privileges to escalate permissions and manipulate files under the SYSTEM account. Cybersecurity researcher Kevin Beaumont demonstrated how malicious actors could exploit the folder’s absence to block Windows updates by creating harmful file junctions.
Microsoft has repeatedly emphasized that the inetpub folder must not be deleted, regardless of whether IIS is installed. “This change enhances protection and requires no additional action from users or IT teams,” the company stated. While deleting the folder might not immediately disrupt system functionality, doing so reintroduces security risks that the updates were designed to eliminate.
For administrators managing multiple systems, the PowerShell script offers a quick and reliable way to ensure compliance without manual intervention. Keeping this folder intact is a small but critical step in maintaining a secure Windows environment.
(Source: Bleeping Computer)
