Microsoft's December Update: A Security Fix Gone Awry
Microsoft has admitted to a critical issue with its December 2025 security updates, causing Message Queuing (MSMQ) to malfunction across various Windows systems. This glitch is affecting enterprise applications and IIS websites, leaving many users scratching their heads.
The problem arises for Windows 10 22H2, Windows Server 2019, and 2016 users who installed the security updates KB5071546, KB5071544, and KB5071543 during Patch Tuesday. Users are encountering a host of issues, including inactive MSMQ queues, IIS sites crashing with resource errors, and applications unable to write to queues. Adding to the confusion, some systems misleadingly report insufficient disk space or memory, despite ample resources.
Microsoft attributes this to changes in the MSMQ security model, which altered permissions on a crucial system folder. Now, MSMQ users need write access to a folder typically reserved for administrators. But here's the catch: this issue won't affect users with full admin privileges.
"The recent security model changes and NTFS permissions adjustments on the C:\Windows\System32\MSMQ\storage folder are the culprits," Microsoft stated. "MSMQ users now need write access to this folder, which is usually an admin-only privilege." As a result, sending messages via MSMQ APIs may fail, and clustered MSMQ environments under load are also affected.
MSMQ, an optional component on Windows, is a network communication tool widely used in enterprise settings. Microsoft is investigating the issue but has not offered a solution timeline or indicated whether an emergency update is forthcoming. Admins may need to consider rolling back the updates, a decision that comes with its own security trade-offs.
Interestingly, this isn't the first MSMQ-related issue. In April 2023, Microsoft urged IT admins to patch a critical vulnerability (CVE-2023-21554) in MSMQ, which left systems vulnerable to remote code execution attacks.
And now, a word from our sponsors: Break down IAM silos with the help of Bitpanda, KnowBe4, and PathAI. Learn how to overcome traditional IAM challenges and build a scalable strategy. After all, broken IAM isn't just an IT headache; it's a business-wide issue.
This guide offers a comprehensive look at modern IAM practices, showcasing what 'good' IAM entails and providing a checklist for a robust IAM strategy. Are you ready to revolutionize your IAM approach? [Link to Guide]
What do you think about Microsoft's handling of this issue? Do you think rolling back updates is the best solution, or should they release an emergency fix? Share your thoughts below!
