Microsoft has released a Powershell script to help restor an empty ‘Intepub’ folder manufactured by April 2025 Windows Security Update. As Microsoft warned earlier, this folder a high-seriousness Windows process helps reduce the hydroelectric privilege privilege vulnerability.
In April, after installing new security updates, Windows users suddenly found that an empty C: \ Intepub folder was created. As this folder is associated with Microsoft’s Internet information server, users found that it was confused that it was built when the web server was not installed.
This inspires some people to remove the folder, making them weak for the re -patched vulnerability. Microsoft said that users who removed it can manually “by installing internet information services from Windows” by “control panel or by turning off the Windows features.
Once the IIS is installed, a new Intpub folder will be added to the root of C: \ Drive, with files and the same system ownership as a directory created by the April Windows Security Update. Also, if you do not use IIS, you can uninstall it using the same Windows feature control panel to remove it, C: \ Intepub Folder is left behind.
On Wednesday, in a new update for CVE-2025-21204 advisor, the company also shared Reconsideration script It helps to re -create this folder from a powerrashel shell using the following orders:
Install-Script -Name Set-InetpubFolderAcl
C:\Program` Files\WindowsPowerShell\Scripts\Set-InetpubFolderAcl.ps1
As the Redmund suggests, the script will determine the correct IIS permissions to prevent unauthorized access to CVE -2025-21204 and to prevent potential weaknesses.
It will also update the access control list (ACL) entries for devicelerathatestation directation directation on Windows Server Systems to ensure that February 2025 is created by security updates.
Microsoft: “Don’t delete it.”
Safety defects (Cve-2025-21204) This IIS web server platform was not installed earlier on the system built by this INTPUB folder (automatically installed by the system made by the safety update of April) An improper link in the Windows update stack is caused by an inappropriate link resolution problem.
This means that Windows updates can follow the symbolic link on unpoured devices, allowing local attackers to be allowed to trick the OS in reaching or modifying unpredictable files or folders.
Microsoft states that successful exploitation allows attackers with less privileges and NT Authority manipulation or performing or performing in file management operations in terms of system account.
While removing the folder, our tests did not cause issues using Windows, Microsoft told Bleepingcomputer that it was intentionally made and should not be removed. Redmond issued the same warning in an updated advisor for CVE-2025-21204 security defects to be warned to remove users to remove empty %SystemDrive %\ Intepub folders.
The company warned, “This folder should not be deleted regardless of the internet information service (IIS) being activated on the target device. This behavior is part of changes that increase security and do not require any action from IT administrators and end users.”
Cyber safety expert Kevin Buumont also demonstrated that non-appreciated users can misuse this folder to block Windows updates by creating a junction between C: \ Intepub and any Windows file.
Manual patching is old. It is slow, error-prone and hard for scale.
On June 4, join Kandji + Tines, to see why the older methods are short. See the real -world examples of how modern teams use automation to patch rapid patching, risk cuts, obedient stay and leaving complex scripts.
