Microsoft’s December 2025 security updates have unleashed an unexpected headache for enterprise admins relying on Message Queuing (MSMQ).
Installed via KB5071546 on December 9, the patch targeting OS Build 19045.6691 alters MSMQ’s security model, leading to widespread failures in queue operations.
Confirmed on December 12, the issue is most severe in high-load clustered environments, causing queues to become inactive and IIS-hosted sites to crash with cryptic “Insufficient resources” errors.
This glitch surfaced rapidly post-Patch Tuesday, affecting legacy but critical MSMQ-dependent apps in finance, healthcare, and logistics sectors.
Users report applications grinding to a halt and being unable to write messages, despite ample disk space and RAM. The fallout disrupts real-time messaging workflows, forcing IT teams into frantic firefighting.
MSMQ Functionality Broken
Admins face a cascade of failures:
- MSMQ queues go dormant, blocking message flow.
- IIS sites throw “Insufficient resources to perform operation” exceptions.
- Failed writes yield errors like “The message file ‘C:WindowsSystem32msmqstorage*.mq’ cannot be created.”
- Logs misleadingly blame “insufficient disk space or memory.”
These stem from tightened NTFS permissions on the C:WindowsSystem32MSMQstorage folder. Post-update, non-admin MSMQ users lack write access, clashing with the service’s expectations and triggering resource-denied halts.
| Platform | Versions Affected |
|---|---|
| Client | Windows 10, version 22H2 |
| Server | Windows Server 2019 Windows Server 2016 |
Microsoft acknowledges the root cause ties to MSMQ security hardening, now under investigation. No immediate workaround exists, but teams suggest verifying folder permissions or pausing MSMQ in clusters until a fix drops. “We will provide more information soon,” the advisory states.
For now, hold off on KB5071546 in MSMQ-heavy setups or test in staging. This joins a string of Patch Tuesday surprises, underscoring the risks of auto-updates in mission-critical Windows ecosystems.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
