Microsoft shares “immediate remediation” script if you deleted this Windows system folder



Following the Windows 11/10 Patch Tuesday updates for April 2025, users started noticing a new and mysterious “inetpub” folder in the C: directory. What added to the intrigue was that the folder appeared empty for many people, and thus it was assumed that it could be malicious. As such, many users even proceeded to delete the folder.

However, as it turns out, Microsoft later confirmed that this folder was indeed part of the April patch, as it was delivered against the CVE-2025-21204 escalation of privilege security vulnerability.

Interestingly, a security researcher found that inetpub itself could in turn help threat actors permanently block Windows security updates, though, according to the tech giant, it is only classified as “moderate” severity at the moment, something that does not require immediate servicing.

As such, Microsoft insists that inetpub should not be deleted “regardless of whether Internet Information Services (IIS) is active.” The company shared a new PowerShell script to restore the folder in case you deleted it, adding that it requires “immediate remediation.”

This reminds us of the recent Defender definition updates that were released for Windows image files against Lumma.

In its MSRC advisory, Microsoft cautioned:

“For systems with KB5055528 installed but %systemroot%inetpub directory deleted, immediate remediation is required. If the inetpub directory has been deleted, you must run the remediation script Set-InetpubFolderAcl.ps1.

This script will:

  1. Recreate the inetpub directory if it has been deleted.
  2. Ensure that the directory permissions are correctly configured to prevent unauthorized access and potential vulnerabilities related to CVE-2025-21204.
  3. Update ACLs for the DeviceHealthAttestation directory, if it exists. This directory was created on certain Server versions by the February 2025 security updates. The script will update the ACLs for the DeviceHealthAttestation directory to ensure it is secure.”

To get the script, users can head over to this page on Microsoft’s official PowerShell Gallery website. It needs to be run with elevated privileges. The page also provides some additional instructions if needed.
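Before running the remediation, an administrator can confirm whether a machine is in the state the advisory describes (update installed, folder missing) and record the folder's current owner and ACL. The following read-only check is an added example, not Microsoft's script; the function name `Test-InetpubRemediationNeeded` is hypothetical, it assumes inetpub sits at the root of the system drive, and it checks only the KB number named above.

```powershell
# Added example: read-only check for the condition the advisory describes.
# Assumptions: inetpub lives at the root of the system drive, and only the
# KB named in the article is checked. Nothing on disk is modified.
function Test-InetpubRemediationNeeded {
    [CmdletBinding()]
    param(
        [string]$KbId = 'KB5055528',
        [string]$InetpubPath = (Join-Path $env:SystemDrive 'inetpub')
    )

    # Get-HotFix raises an error when the ID is absent, so silence it and test the result.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    # -PathType Container is false if a plain file named "inetpub" sits there instead.
    $folderPresent = Test-Path -LiteralPath $InetpubPath -PathType Container

    $result = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        KbInstalled       = [bool]$hotfix
        InetpubPath       = $InetpubPath
        FolderPresent     = $folderPresent
        Owner             = $null
        AccessRules       = @()
        RemediationNeeded = ([bool]$hotfix -and -not $folderPresent)
    }

    if ($folderPresent) {
        # Capture owner and ACEs so they can be compared before and after remediation.
        $acl = Get-Acl -LiteralPath $InetpubPath
        $result.Owner = $acl.Owner
        $result.AccessRules = @($acl.Access | ForEach-Object {
            '{0}: {1} ({2}, inherited={3})' -f $_.IdentityReference,
                $_.FileSystemRights, $_.AccessControlType, $_.IsInherited
        })
    }
    [pscustomobject]$result
}

$status = Test-InetpubRemediationNeeded
$status | Format-List
if ($status.RemediationNeeded) {
    Write-Warning ("{0} is missing on a system with {1} installed; run Set-InetpubFolderAcl.ps1 from an elevated session." -f $status.InetpubPath, 'KB5055528')
}
```

Saving the output before and after running Set-InetpubFolderAcl.ps1 gives a record of what the script changed on that machine.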

roosho Senior Engineer (Technical Services)
I am Rakib Raihan RooSho, Jack of all IT Trades. You got it right. Good for nothing. I try a lot of things and fail more than that. That's how I learn. Whenever I succeed, I note that in my cookbook. Eventually, that became my blog. 