Full Report
Folder permission changes cause queue failures and misleading error messages, no real fix yet Microsoft has good news for administrators: while some organizations now pay for security updates on older Windows versions, the inconsistent quality remains free.…
Analysis Summary
# Vulnerability: MSMQ Failure Following December 2025 Security Update Due to Permission Changes
## CVE Details
- CVE ID: N/A (This appears to be a bug/regression introduced by a non-security update, or the CVE for the underlying security update is not specified in the context.)
- CVSS Score: N/A
- CWE: N/A (Regression/Configuration Issue)
## Affected Systems
- Products: Windows 10, Windows Server
- Versions: Windows 10 22H2 and earlier (down to 1607), Windows Server 2012 through 2019.
- Configurations: Systems applying the December 2025 Windows Security Update. Primarily affects enterprise or managed IT environments. Home/Pro editions on personal devices are unlikely to be affected.
## Vulnerability Description
The December 2025 Security Update introduced changes to the MSMQ security model and NTFS permissions for the `C:\Windows\System32\MSMQ\storage` folder. This modification enforces that "MSMQ users now require write access to this folder," which was previously restricted to administrators. This restriction causes Message Queuing (MSMQ) functionality to fail, leading to queues becoming inactive, IIS sites failing with "Insufficient resources to perform operation" errors, and applications being unable to write to queues. Misleading error messages, such as disk space or memory exhaustion, are often logged.
## Exploitation
- Status: Not applicable (This is a functional regression/bug caused by an update, not a traditional security vulnerability exploit.)
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: Potential indirect impact if applications relying on MSMQ cease functioning correctly.
- Integrity: Potential data loss or processing failures if messages cannot be written/relayed via MSMQ.
- Availability: Direct impact on the availability of MSMQ services, related IIS sites, and dependent applications.
## Remediation
### Patches
- No specific fix patch is mentioned; the issue is acknowledged as a defect in the December 2025 update. Awaiting a resolution from Microsoft.
### Workarounds
1. **Contact Microsoft Support:** Microsoft suggested contacting their support team for a workaround.
2. **Uninstall the Update:** Uninstalling the December 2025 Security Update will resolve the MSMQ failure, though this means losing the security fixes contained within that update.
## Detection
- **Indicators of Compromise (IOCs):**
- MSMQ queues failing or becoming inactive.
- IIS sites displaying errors like "Insufficient resources to perform operation."
- Application logs showing errors related to MSMQ message sending failures.
- Log messages indicating "There is insufficient disk space or memory" when resources are plentiful.
- **Detection methods and tools:** Monitoring system logs for MSMQ failures and specifically checking permissions on `C:\Windows\System32\MSMQ\storage`.
## References
- Microsoft Confirmation/Status Page: hxxps://learn.microsoft.com/en-gb/windows/release-health/status-windows-10-22h2#message-queuing--msmq--might-fail-with-the-december-2025-windows-security-update
- Vendor Advisory (General context): The Register article detailing the issue.