In a recent development concerning Windows security, users may find themselves grappling with a significant vulnerability linked to an update that was quietly implemented in April. This situation has left many feeling uneasy, particularly those who are not well-versed in the intricacies of system management.
The Mysterious Inetpub Folder
The saga began with the emergence of the “inetpub” folder, which has been a source of confusion for many. Microsoft’s communication regarding the folder has been less than clear, leading numerous users to delete it, believing it to be an unnecessary addition. However, Microsoft later clarified that this folder, typically associated with Internet Information Services (IIS), is essential and should not be removed.
As detailed by Windows Latest, the “inetpub” folder is linked to the hosting capabilities of Windows 11, allowing developers to run websites and applications. Its sudden appearance, without prior explanation, led to assumptions of a potential bug, prompting users to take action that may now jeopardize their system security.
Addressing the Vulnerability
Recent reports indicate that if users have deleted the “inetpub” folder following the April 2025 updates, it is crucial to restore it immediately. The folder is integral to addressing the security patch for CVE-2025-21204, and its absence could expose systems to risks such as privilege escalation and unauthorized access.
For those who may be hesitant to enable IIS due to the additional folders it creates—most of which are unnecessary for non-developers—Microsoft has provided an alternative solution through a newly released PowerShell script. This method allows users to restore the folder without the complexities of enabling IIS.
Step-by-Step Restoration
To execute this fix, users should ensure they are logged in as an Administrator and follow the instructions outlined by Windows Latest:
- First, allow signed scripts and modules from Microsoft’s PowerShell Gallery by entering the command: Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
- Next, download the script from the PowerShell gallery using: Install-Script -Name Set-InetpubFolderAcl -Force
- If prompted to install the “NuGet Provider,” simply respond with “Y” to proceed and then rerun the install script.
- Finally, execute Set-InetpubFolderAcl to apply the fix and recreate the folder. Should you encounter a “command not found” error, use the full path: & ‘C:Program FilesWindowsPowerShellScriptsSet-InetpubFolderAcl.ps1’.
Despite these instructions, it is anticipated that many users may not undertake this process, potentially leaving them vulnerable. Microsoft emphasizes that without the proper folder and its Access Control Lists (ACLs), users remain at risk of exposure to various security threats.
