Microsoft’s latest security updates have broken the MSMQ functionality in various Windows versions, causing problems with applications in production.
The security update that Microsoft rolled out to Windows systems in December is causing problems with Microsoft Message Queuing (MSMQ) and Internet Information Services (IIS). MSMQ is a protocol that has been around since 1997 and allows applications on different servers to communicate indirectly with each other. Messages end up in a queue, where receiving systems can retrieve them.
MSMQ ensures robust communication from (legacy) systems where some computers and applications are not always online. The solution is used in production environments of large companies and thus plays a crucial role in business operations. Now, various reports show that the update of December 9 has undermined that MSMQ architecture.
Adapted semantics
The update has modified the semantics and permissions within the MSMQ file system, which means that processes can no longer simply write to the MSMQ storage. The result is inactive queues and broken workflows.
The bug affects various Windows versions, including Windows 10 22H2 (for users with Extended Security Updates), Windows Server 2019, and Windows Server 2016. Microsoft has since admitted that there is a problem.
The best option is to roll back the security update. Another option is to give extra permissions to processes. Both options are not ideal and, ironically, cause security problems.
Matter of trust
Microsoft is letting affected organizations down badly with this update. Many security problems can be prevented when organizations quickly install security patches. That only happens when those patches are reliable. By not testing sufficiently, Microsoft undermines confidence in important security patches. Unfortunately, the situation is not very exceptional.