Microsoft Addresses Security Flaw Linked to Deleted 'inetpub' Folders

Microsoft has issued guidance regarding a security vulnerability associated with the 'inetpub' folder that was created during its April security updates on Windows systems. Users who inadvertently delete this folder may unknowingly expose their systems to new security risks. To remediate this issue, Microsoft has released a PowerShell script designed to restore the 'inetpub' folder and ensure that the necessary permissions are correctly configured.

In an updated security advisory, Microsoft noted that immediate action is required for systems with the KB5055528 update installed where the '%systemroot%\inetpub' directory has been removed. The advisory emphasizes the importance of executing the PowerShell script named Set-InetpubFolderAcl.ps1 to re-establish the folder and restore appropriate access controls.

The provided PowerShell script not only creates the 'inetpub' directory if it has been deleted but also configures its permissions to prevent unauthorized access and potential vulnerabilities associated with CVE-2025-21204. Furthermore, the script will update the access control lists (ACLs) for the 'DeviceHealthAttestation' directory, if it exists. This directory was generated by security updates released in February 2025 on specific server versions.

To install the script, users can simply run the command Install-Script -Name Set-InetpubFolderAcl. However, administrative privileges are required to execute the script successfully.

Concerns regarding the deletion of the 'inetpub' folder surfaced earlier in April, when a security researcher discovered that removing this directory could hinder the installation of subsequent security updates. The importance of the 'inetpub' folder in maintaining system integrity and security has now been underscored by Microsoft's prompt response to rectify the situation.