Microsoft has confirmed that its December 2025 Windows security update (KB5071546, OS Build 19045.6691) is causing Message Queuing (MSMQ) failures, leading to widespread IIS site crashes.
First reported on December 12 and last updated December 16, the problem manifests under load, particularly in clustered setups, disrupting critical messaging workflows.
Affected users report MSMQ queues going inactive, preventing applications from writing messages. IIS-hosted sites throw “Insufficient resources to perform operation” errors, halting services despite ample disk space and memory.
Specific failures include errors like “The message file ‘C:\Windows\System32\msmq\storage\*.mq’ cannot be created,” alongside misleading logs claiming “insufficient disk space or memory.”
These symptoms stem from recent hardening in MSMQ’s security model, which tightened NTFS permissions on the C:\Windows\System32\MSMQ\storage folder. MSMQ users now require explicit write access to that folder, which was previously admin-only, and the missing permission triggers API failures when sending messages.
The flaw doesn’t affect consumer setups: Windows Home or Pro editions on personal devices face negligible risk. Enterprise IT admins, however, bear the brunt, with Windows Server 2019, 2016, 2012 R2, and 2012 hit hardest, alongside clients like Windows 10 versions 22H2, 21H2, 1809, and 1607.
Microsoft acknowledges the issue on its support portal, attributing it to overzealous permission changes in the patch released December 9. “We’re investigating and will provide updates,” the company states.
For now, no public patch exists; IT teams must contact Microsoft Support for business to deploy a targeted workaround restoring folder access without compromising security.
This glitch underscores the double-edged sword of monthly Patch Tuesday updates. MSMQ, a legacy but vital Windows component for reliable queued messaging in distributed apps, underpins numerous enterprise systems from financial transaction processors to industrial control setups. When paired with IIS, failures cascade, potentially idling web services and triggering outages during peak loads.
Security teams should scan environments immediately. Tools like PowerShell’s Get-HotFix or WSUS reports can flag KB5071546 deployments. Rollback remains an option for non-clustered systems, but clustered admins risk data loss.
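A read-only triage sketch for the scan described above, added here as an example and not taken from Microsoft’s guidance: it reports whether KB5071546 is installed, whether the MSMQ service is present, and which identities currently hold file-creation rights on the storage folder. The function name Get-MsmqKbExposure is hypothetical; the service name MSMQ and the default storage path are assumptions about a standard installation.

```powershell
# Added example (not Microsoft's code). Read-only: it changes no permissions.
# Run elevated so Get-Acl can read the ACL on the MSMQ storage folder.
function Get-MsmqKbExposure {
    [CmdletBinding()]
    param(
        [string]$KbId = 'KB5071546',
        # Assumed default location, matching the path named in the article.
        [string]$StoragePath = (Join-Path $env:windir 'System32\msmq\storage')
    )

    # Get-HotFix throws when the ID is absent, so suppress and test for null.
    $hotfix  = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    # 'MSMQ' is the assumed service name of the Message Queuing feature.
    $service = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    $writers = @()
    if (Test-Path -LiteralPath $StoragePath) {
        # CreateFiles is the right needed to create new *.mq message files.
        $createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
        $writers = (Get-Acl -LiteralPath $StoragePath).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $createFiles)
            } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        KbInstalled    = [bool]$hotfix
        InstalledOn    = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        MsmqInstalled  = [bool]$service
        MsmqStatus     = if ($service) { $service.Status } else { $null }
        StorageWriters = $writers -join '; '
        # Flag hosts that have the update and actually run MSMQ.
        NeedsReview    = [bool]$hotfix -and [bool]$service
    }
}

Get-MsmqKbExposure | Format-List
```

Compare StorageWriters against the accounts your IIS application pools and MSMQ-sending services run as; an account missing from that list on a host with NeedsReview set to True matches the failure condition described above.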
As ransomware and supply-chain threats loom, such update-induced disruptions highlight the need for staged testing. Microsoft promises resolution soon, but proactive outreach to support is key. Enterprises delaying contact risk prolonged downtime in an already volatile threat landscape.
