Microsoft Issues Critical Update For Windows Users—Do Not Delete This
You have been warned — do not hit delete.
You won’t like this. If you’re at risk from this Windows security vulnerability, the fix is a nightmare unless you’re a fairly expert user. That’s not ideal, and it’s all down to an update quietly installed on your PC without explanation in April.
You may recall the awkward saga of the “inetpub” folder and “Microsoft’s confusing messaging on deleting or not deleting this mysterious folder on your PC that could leave you and your PC at risk.” Plenty of users deleted the folder that suddenly turned up.
“After installing this update or a later Windows update,” Microsoft later explained, the new folder will appear on your device. “This folder should not be deleted.”
This empty folder, Windows Latest explains, “is typically associated with Internet Information Services (IIS), which is a native Windows service that allows developers to host websites or apps on Windows 11.” The empty folder appeared without explanation. “Some of us assumed that it’s a bug with the cumulative update and deleted the folder.”
Now we have news of an actual fix. “If you deleted the “inetpub” folder, created after Windows April 2025 updates,” Windows Latest warns, “you need to immediately bring it back.” You can turn on the IIS service or “use a new PowerShell script.”
Only after all those deletions did the explanation come. The “inetpub” folder “is created as part of a security patch for CVE-2025-21204,” Windows Latest says, “and it doesn’t matter whether IIS is turned on or not. It’ll show up, and you’re not supposed to delete it, and if you deleted it, please bring it back, according to Microsoft.”
You can turn on IIS, “however, that’s something most people don’t want to do because IIS also creates additional folders, which are not required unless you’re a developer. Instead you can run Microsoft’s newly released PowerShell script.
First ensure you’re logged in as an Administrator, then you can follow Windows Latest’s instructions:
- In PowerShell, first allow signed scripts and modules from Microsoft’s PowerShell Gallery with the following command: Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
- To download the script from the PowerShell gallery, run the command: Install-Script -Name Set-InetpubFolderAcl -Force
- In some cases (like mine), you’ll be asked to install “NuGet Provider” when it’s not present. Simply respond with “Y” to proceed, and run the above “install-script” again.
- Run “Set-InetpubFolderAcl” to apply the fix and create the folder. But if you get an error that says “command not found” error, run it by full path: & ‘C:\Program Files\WindowsPowerShell\Scripts\Set-InetpubFolderAcl.ps1’
Mostly users are unlikely to go through this, which will leave them at risk. “As per Microsoft, without the folder and its correct ACLs (Access Control Lists), you remain exposed to potential privilege escalation or unauthorized access.”