Microsoft: Remedy for security vulnerability due to deleted "inetpub" folder

A security update from Microsoft in April created a folder called "inetpub" on Windows systems. Some users have unsuspectingly deleted this folder, which opens up a new security vulnerability. Microsoft now provides a Powershell script that recreates the folder and the correct permissions for it.

Microsoft has updated the security advisory on the vulnerability that closes the update, which in turn creates the "inetpub" folder. "On systems where KB5055528 [the April security updates] is installed but the '%systemroot%\inetpub' directory has been deleted, immediate remediation is required. If the 'inetpub' directory has been deleted, you must run the Set-InetpubFolderAcl.ps1 remediation script," Microsoft now writes there.

Powershell script as a workaround

Microsoft is now providing a Powershell script to help solve the problem. According to Microsoft's description, it recreates the "inetpub" directory if it has been deleted. It also "ensures that directory permissions are configured correctly to prevent unauthorized access and potential vulnerabilities related to CVE-2025-21204," the company explains.

In addition, the script updates the access rights (ACLs) of the "DeviceHealthAttestation" directory, if it exists. "This directory was created on certain server versions by the February 2025 security updates. The script updates the ACLs of the directory to ensure that it is secure", Microsoft explains in the updated security message.

To install the script, the call Install-Script -Name Set-InetpubFolderAcl should suffice. Admin rights are required to start the script itself.

In April, it became known that one of the patchday updates creates the "inetpub" folder. IT security researcher Kevin Beaumont found out while playing around with it that deleting the folder could prevent the installation of newer security updates.

(dmk)