Microsoft has taken swift action to address malfunctions associated with Windows Message Queuing (MSMQ) that arose following the December security updates. This unscheduled release impacts several versions of Microsoft Windows, including Windows 10 and various editions of Windows Server, up to and including Server 2019. The issues at hand pose a risk of application outages for those relying on MSMQ for both internal and external communications.
Details of the Update
The complications became apparent earlier this week when it was discovered that certain configurations were unable to send messages via MSMQ APIs after the December updates were installed. The root of the problem lies in modifications to the MSMQ security model, which altered NTFS access rights to the folder C:WindowsSystem32MSMQstorage. Consequently, applications or services lacking administrative rights were stripped of essential write permissions, resulting in resource errors and interruptions in message transmission.
In response, Microsoft has updated its Windows Release Health Notes and issued emergency updates. These updates are designated under specific knowledgebase numbers: KB5074976 for Windows 10, KB5074975 for Windows Server 2019, and KB5074974 for Windows Server 2016. The update for Windows 10 raises the build numbers to 19044.6693 and 19045.6693, respectively. These cumulative updates not only rectify the MSMQ issue but also incorporate all changes from the regular December patch cycle.
Initially, these emergency updates were not available through the standard Windows update function. Instead, they could only be accessed via the Windows update catalog by searching for the relevant KB number. Microsoft has indicated that individual server updates were not yet available at the time of the first reports, and there has been no announcement regarding when these updates might be distributed through Windows Update.
Expanded Impact
Throughout the week, Microsoft has broadened the scope of affected operating systems. In addition to Windows 10 version 22H2, earlier versions such as 21H2, 1809, and 1607 have now been classified as vulnerable. On the server side, Windows Server 2012 R2 and Windows Server 2012 have also been included alongside Windows Server 2016 and 2019. Operators of these systems that utilize MSMQ should verify whether the December updates have been applied and, if necessary, manually install the corresponding emergency update.
The unscheduled updates serve to rectify a side effect of the December security updates that could lead to significant disruptions, particularly within corporate environments. The underlying issue stemmed from the interplay of heightened security measures and existing authorization frameworks. For installations impacted by this situation, the timely installation of the provided updates is crucial to restore the functionality of MSMQ-based applications.
