Microsoft has released an out-of-band update to address a critical bug causing multiple Message Queuing errors. The issue affects Windows 10 22H2, Windows Server 2019, and Windows Server 2016 systems that have installed updates KB5071546, KB5071544, and KB5071543, released during the December Patch Tuesday. This bug is causing significant disruptions for businesses, with applications and IIS websites malfunctioning after the patches are applied.
The problem stems from changes to the MSMQ security model. MSMQ users now require write access to the system folder C:WindowsSystem32msmqstorage, which is typically restricted to administrators. This modification has led to various symptoms, including inactive MSMQ queues, 'insufficient resources' errors in IIS sites, and applications unable to write messages to queues. Some systems even display misleading error messages about disk space or memory, even when resources are available.
The impact is particularly severe in clustered MSMQ environments under load. However, systems with full admin rights for logged-in users do not experience the issue. This solution is not feasible for many enterprise environments due to security best practices.
MSMQ plays a crucial role in corporate environments, facilitating network communication between applications and providing asynchronous messaging for line-of-business and IIS-based web applications. Microsoft is actively investigating the problem but has not yet announced a timeline for a solution. The company is considering whether to release an emergency update or wait for the next Patch Tuesday. Administrators facing the issue must weigh the risks of rolling back the updates against the potential security vulnerabilities associated with doing so.
This incident highlights the ongoing challenge of balancing security and functionality in Microsoft's update process. It also underscores the importance of careful patch management and the need for IT professionals to stay vigilant and responsive to emerging issues.
