cyberdom[.]blog/abusing-the-windows-update-stack-to-gain-system-access-cve-2025-21204/
neowin[.]net/news/microsofts-official-inetpub-folder-lets-hackers-permanently-block-windows-updates-on-pcs/
The security vulnerability Microsoft is trying to patch involves the Windows Update process trusting symbolic links, which are sort of an advanced version of a shortcut. The update process creates ProgramData\ Microsoft\ UpdateStack\ Tasks, and malware could create a symbolic link there leading to a malicious file or script, which the process would run using System-level privileges. [The top linked page has a proof of concept PowerShell script that takes advantage of the vulnerability.]
If you deleted that folder, several sites have articles or posts suggesting that you add IIS [Internet Information Services] from the Windows Features menu, then remove it, leaving an empty C:\inetpub folder behind. Microsoft OTOH says to reinstall April's update [per the top linked page]. You might not want to do so however... a security researcher has found that adding a symbolic link to Notepad in that inetpub folder completely breaks Windows Update. And logically you'd think that if a link to Notepad breaks Windows Update, someone(s) could figure out how to add a link or similar that triggers malware or a malicious script. Worse, the original vulnerability required a bit more skill, because a script or malware would have to watch for when Windows Update created that folder in ProgramData before it activated, and remain undetected in the mean time. This would only require a one time plant of a link or script etc. that would activate when Windows Update ran.
The security researcher has notified Microsoft's security research center, so *hopefully* we'll see a better fix in May's patches. Regardless it's expected to add that folder again if it's been deleted.