Microsoft Releases Immediate Remediation Script for Deleted Windows System Folder

Microsoft Releases Immediate Remediation Script for Deleted Windows System Folder

Understanding the Mysterious Inetpub Folder in Windows 11/10 After Recent Updates

Following the release of the Patch Tuesday updates for April 2025, many Windows 10 and 11 users encountered an unexpected folder named inetpub located in the C: directory. Initially, this folder appeared to be empty, raising suspicions among users who feared it could be a potential security threat. In response to this uncertainty, numerous users chose to delete the folder.

Microsoft’s Confirmation on Inetpub

Subsequent to these concerns, Microsoft officially clarified that the inetpub folder is indeed a legitimate component of the April Patch, which addresses the CVE-2025-21204 security vulnerability related to escalation of privilege. This essential update is designed to enhance system security and functionality.

Security Implications and Recommendations

Intriguingly, a security researcher discovered that the inetpub folder could potentially enable threat actors to disable critical Windows security updates permanently. Despite this alarming finding, Microsoft has categorized the risk posed by the inetpub folder as “moderate, ”indicating that it does not warrant immediate action.

Microsoft strongly advises users against deleting the inetpub folder, regardless of whether Internet Information Services (IIS) is operational. To assist users who may have inadvertently deleted it, Microsoft has provided a PowerShell script intended for immediate remediation of the situation.

PowerShell Script for Remediation

According to Microsoft’s MSRC advisory, users who have installed update KB5055528 but deleted the inetpub directory must take corrective action. The advisory includes specific instructions to execute the remediation script Set-InetpubFolderAcl.ps1, which performs the following actions:

  1. Restores the inetpub directory if it has been removed.
  2. Correctly configures the directory permissions to prevent unauthorized access, mitigating vulnerabilities associated with CVE-2025-21204.
  3. Updates Access Control Lists (ACLs) for the DeviceHealthAttestation directory, if it exists, ensuring its security after updates released in February 2025.

How to Access the PowerShell Script

For users looking to obtain the required script, it is available on Microsoft’s official PowerShell Gallery. It is important to run this script with elevated privileges. The PowerShell Gallery page also contains additional instructions to assist users in executing the script correctly.

For further information, you can view the original advisory here.

Related Articles:

Microsoft Build Conference Moving From Seattle After Years of Hosting in the City
Report: Apple’s Upcoming Features for Messages and Phone Apps Unveiled Before WWDC 2025

Leave a Reply

Your email address will not be published. Required fields are marked *