Microsoft's December 2025 Patch Tuesday updates have triggered a critical regression affecting Microsoft Message Queuing (MSMQ), causing widespread application failures across enterprise environments. The cumulative updates released December 9-11, 2025—specifically KB5071546 for Windows 10 22H2, KB5071544 for Windows Server 2019, and KB5071543 for Windows Server 2016—modified MSMQ's filesystem security semantics, preventing non-privileged processes from writing to MSMQ storage. This has resulted in inactive queues, "Insufficient resources" errors from applications and IIS sites, and stalled business workflows, with administrators scrambling for solutions while balancing security and operational continuity.

The Technical Root Cause: Security Model Modification

The core issue stems from changes to the MSMQ security model implemented through these December cumulative updates. According to Microsoft's acknowledgment, the patches modified permissions on the system folder C:\Windows\System32\msmq\storage, where MSMQ persists messages on disk. The NTFS DACL (Discretionary Access Control List) was altered so that identities which previously could create .mq storage files are now denied the required write access.

Community analysis from WindowsForum.com reveals that the security descriptor for the MSMQ folder and its subfolders was changed by the December rollups, breaking historical behavior that many applications relied upon. Non-privileged service identities—including IIS_IUSRS, LocalService, NetworkService, and specific application pool identities—that previously wrote messages can no longer create storage files. The MSMQ code paths then report resource allocation failures, masking the true access-denied cause with misleading "insufficient memory/disk" or "insufficient resources" error messages.

Real-World Impact and Symptoms

Administrators and helpdesk teams have reported consistent operational symptoms after applying the December updates. Queues appear inactive and stop accepting messages, with producers reporting failures when writing to queues. IIS-hosted services and .NET applications throw System.Messaging.MessageQueueException: Insufficient resources to perform operation errors. Event logs show MSMQ storage file creation failures, with systems unable to create the *.mq files under the MSMQ storage folder.

What makes this particularly problematic is MSMQ's role in enterprise environments. As noted in community discussions, MSMQ provides durable, asynchronous message delivery that underpins integration layers, legacy line-of-business systems, and IIS-hosted applications. The service is frequently used in corporate environments for network communication between applications, making it essential for many business workflows. When MSMQ fails, downstream processors stall, queues back up, and error cascades can cause service-level impacts for customer-facing applications.

Microsoft's Response and Official Fix

Microsoft initially confirmed the issue on December 15, 2025, acknowledging that the December security updates were causing problems with Message Queuing. The company stated it was investigating but hadn't provided a timeline for a solution. However, on December 19, Microsoft released an out-of-band (OOB) update called KB5074976 to fix the Message Queuing errors. This update is available via the Microsoft Update Catalog and addresses the permission changes that broke MSMQ functionality.

According to my search of current Microsoft documentation, the KB5074976 update specifically resolves the issue where non-administrative users and service accounts lost write access to the MSMQ storage folder after installing the December 2025 security updates. Microsoft recommends installing this OOB update on affected systems to restore proper MSMQ functionality while maintaining the security fixes from the original December patches.

Community Workarounds and Mitigation Strategies

Before Microsoft released the official fix, administrators developed two primary mitigation strategies, each with significant trade-offs:

Option 1: Roll Back the Problematic Update

The preferred approach from a security posture perspective was to uninstall the specific December cumulative update from affected hosts. This generally restored the previous ACL model and returned MSMQ to normal behavior. The process involved:

  • Identifying the installed package with DISM /Online /Get-Packages
  • Removing the LCU package using DISM /Online /Remove-Package /PackageName:<name-of-lcu-package>
  • Rebooting and validating MSMQ behavior

However, this approach came with significant caveats. If the update was delivered as a combined SSU+LCU package, removal could be complicated. More importantly, rolling back removed not just the regression but also the security fixes contained in the LCU, including those addressing CVE-2025-62455—an MSMQ elevation-of-privilege vulnerability.

Option 2: Apply NTFS ACL Workarounds

The fastest operational fix involved granting minimal write/modify permissions on C:\Windows\System32\MSMQ\storage to the exact identities that needed to write. Community members shared PowerShell patterns like:

$acl = Get-Acl "C:\Windows\System32\MSMQ\storage"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("DOMAIN\svc_mymq","Modify","ContainerInherit,ObjectInherit","None","Allow")
$acl.AddAccessRule($rule)
Set-Acl "C:\Windows\System32\MSMQ\storage" $acl

Administrators emphasized critical cautions with this approach. Granting write access under System32 increases attack surface, so they recommended:
- Only granting minimal account and operations required
- Enabling auditing on the folder while the workaround is active
- Planning to revert the rule as soon as Microsoft issued an official fix
- Documenting the change thoroughly in incident logs

Security Context: CVE-2025-62455 and Historical Vulnerabilities

The December patches were intended to close an MSMQ elevation-of-privilege issue tracked as CVE-2025-62455. According to vulnerability databases and security trackers, Microsoft shipped fixes for this CVE across affected Windows SKUs in these December updates. Applying security fixes promptly remains crucial, especially given MSMQ's security history.

In April 2023, Microsoft warned IT administrators about a critical vulnerability in MSMQ (CVE-2023-21554) that exposed hundreds of systems to remote code execution attacks. That high-severity Remote Code Execution vulnerability sparked emergency patching because an unauthenticated attacker could send a malicious MSMQ packet to achieve remote code execution on an MSMQ server. This historical context underscores why hardening MSMQ is valid from a security standpoint, but also highlights the operational risk when hardening breaks legitimate tenant workloads without mitigation guidance.

Detection and Triage Checklist

Community members developed a practical triage runbook for administrators facing MSMQ issues:

  1. Confirm MSMQ presence: Check via Control Panel → Programs and Features → Turn Windows features on or off, or use PowerShell: Get-WindowsOptionalFeature -Online | Where-Object { $_.FeatureName -like "MSMQ*" }

  2. Reproduce and capture error events: Look for System.Messaging exceptions in Application/System event logs, searching for "message file cannot be created" or similar MSMQ storage failure messages

  3. Validate queue status: Use Computer Management → Services and Applications → Message Queuing to check queue state (active/inactive)

  4. Check ACL changes: Compare the security descriptor on C:\Windows\System32\MSMQ and the storage folder against a known good host or baseline

  5. Decision point: If production outages are critical and rollback is permitted per change control, remove the LCU following Microsoft guidance

Long-Term Implications and Recommendations

This incident highlights several important considerations for Windows administrators and enterprise IT teams:

Inventory and Assessment

Organizations should identify all hosts with MSMQ installed using PowerShell, DISM, or Server Manager, prioritizing those supporting production workloads. For systems where MSMQ is no longer needed, consider disabling or removing the component entirely to reduce attack surface.

Testing and Validation

Establish test/staging environments to reproduce issues with updates before broad deployment. The community experience shows that reproducing the issue in test environments helps validate impact and mitigation steps before production deployment.

Migration Planning

Where feasible, plan migration paths away from legacy MSMQ to modern queuing platforms like Azure Service Bus, RabbitMQ, or Kafka for new development. For legacy applications that must continue using MSMQ, include MSMQ compatibility in patch testing cycles.

Security and Operational Balance

This regression exemplifies the tension between hardening and backwards compatibility. While security fixes are vital, changes to low-level permission models that affect legacy middleware require careful consideration, compatibility testing, and clear mitigation guidance before broad deployment.

Critical Analysis: Vendor Engineering Trade-offs

This MSMQ regression offers instructive lessons in large-scale OS engineering:

Strengths: Microsoft's December rollups addressed multiple security issues across a broad attack surface. Closing privilege-elevation and RCE vectors in MSMQ represents important hardening given historical high-severity bugs like CVE-2023-21554.

Weaknesses: Changing a filesystem permission model for an on-disk system folder that many legacy services implicitly relied on—without immediate documented mitigation or compatibility shim—produced significant operational impact. The lag between community reports and updated vendor documentation increased confusion.

Risk Management: Community workarounds that grant write access under System32 are functional but increase attack surface. Administrators implementing such mitigations must do so knowingly and add compensating controls like auditing, minimal scope, and rapid reversion plans.

Current Status and Actionable Guidance

With Microsoft's release of KB5074976, organizations now have an official fix for the MSMQ regression. The recommended course of action is:

  1. Install KB5074976 on affected systems to restore MSMQ functionality while maintaining December security fixes
  2. Remove any temporary ACL workarounds implemented before the official fix
  3. Monitor Microsoft release channels for any additional guidance or updates
  4. Review MSMQ usage across the organization and consider long-term migration strategies

For organizations that rolled back the December updates, they should now install KB5074976 followed by the original December security updates to ensure both security and functionality.

Conclusion

The December 2025 MSMQ regression demonstrates how seemingly small changes in access semantics can cascade into broad operational impact. While Microsoft's rapid release of KB5074976 has provided a resolution, the incident underscores the importance of comprehensive compatibility testing for security updates, especially when modifying low-level system components. For Windows administrators, this episode reinforces the need for thorough patch testing, clear rollback procedures, and long-term planning for legacy component dependencies. As enterprises continue to balance security requirements with operational stability, incidents like this highlight the ongoing challenge of maintaining complex enterprise environments while implementing necessary security improvements.