Full Report
Redmond gets in early for the twelve whoopsies of Christmas Microsoft has hustled out an out-of-band update to address a Message Queuing issue introduced by the December 2025 update.…
Analysis Summary
# Vulnerability: Microsoft Message Queuing Breakage Post-December 2025 Update
## CVE Details
- CVE ID: Information not provided in the text. (Likely an unassigned or internal tracking ID for an update rollback fix.)
- CVSS Score: Not explicitly provided. (The issue focuses on service functionality impact, not a typical remote code execution vulnerability.)
- CWE: CWE-73 (External Control of File or Resource Modification) or CWE-16 (Configuration) are plausible, related to improper permission requirements introduced by the update.
## Affected Systems
- Products: Windows 10 22H2 ESU, Windows 10 Enterprise LTSC 2021, Windows 10 LTSB 2016, Windows Server versions (from 2008 to 2019).
- Versions: Systems that applied the standard December 9, 2025 update.
- Configurations: Enterprise environments. Users on Pro and Home editions were "very unlikely" to encounter this issue.
## Vulnerability Description
A change introduced in the December 2025 update required Message Queuing (MSMQ) to have write access to restricted administrative areas. This permission change caused MSMQ functionality to fail, leading to service outages (e.g., IIS stopping) and applications relying on queue writing to break down. The issue sometimes manifested with misleading errors indicating insufficient disk space or memory.
## Exploitation
- Status: Not directly described as malicious exploitation, but rather a service-impacting bug introduced via an update.
- Complexity: Not applicable in terms of malicious exploitation.
- Attack Vector: Not applicable; this was an unintended side effect of a software patch.
## Impact
- Confidentiality: Low/Not directly impacted.
- Integrity: High (Messaging infrastructure broken, service reliability degraded).
- Availability: High (Message queuing stops working, critical dependent services like IIS may fail).
## Remediation
### Patches
- An Out-of-Band (OOB) update was released to reverse the faulty change made in the December 2025 update. Install this OOB update.
- Specific patch versions are not listed, but the fix is available via the latest post-December 2025 OOB release for the affected products.
### Workarounds
- Granting modified permissions to the MSMQ storage folder.
- Rolling back the December 2025 update (Note: This may prevent security fixes from the December 9th update from being applied).
## Detection
- Indicators of Compromise: Services reliant on MSMQ failing to send/receive messages, misleading log entries referencing insufficient disk space/memory when resources are plentiful.
- Detection methods and tools: Monitoring MSMQ service health and application logs for connectivity errors or the specific misleading errors mentioned after applying the December 2025 update.
## References
- Vendor advisories: Microsoft's Windows Message Center (as referenced in the text).
- Relevant links - defanged:
- `learn.microsoft.com/en-us/windows/release-health/windows-message-center#3753`
- `learn.microsoft.com/en-us/answers/questions/5669061/regarding-problems-with-msmq-in-the-december-2025`