MSMQ becoming inactive;Internet Information Services (IIS) sites failing with “Insufficient resources to perform operation” errors;applications unable to write to queues;errors such as “The message file ‘C:\Windows\System32\msmq\storage*.mq’ cannot be created” when creating message files;misleading log entries such as “There is insufficient disk space or memory”, despite sufficient disk space and memory being available.Affected are servers running Windows Server 2019 and 2016, Windows Server 2012 R2 and Windows Server 2012.Also affected are PCs running Windows 10 version 22H2, Windows 10 version 21H2, Windows 10 version 1809, and Windows 10 version 1607. Support for Windows 10 ended October 14, so the issue should only affect these systems if admins have paid for extended support and received the December update.This issue is caused by a December Patch Tuesday security update (KB5071546) that introduced changes to the MSMQ security model and NTFS permissions on the C:\Windows\System32\MSMQ\ storage folder. MSMQ users now require write access to this folder, which is normally restricted to administrators, says Microsoft. As a result, attempts to send messages via MSMQ APIs might fail with resource errors.”A workaround is available for affected devices,” says the Microsoft update. “To apply the workaround and mitigate this issue in your organization, please contact Microsoft Support for business. We are investigating this issue and will provide more information when it is available.” Jack Bicer, director of vulnerability research at Action1, suggested as a temporary workaround for MSMQ failures that Windows admins grant write access to the MSMQ directory C:\Windows\System32\msmq. Once Microsoft provides the official update, revert the directory permissions to their original state and deploy the fix, he said.Danny Nguyen of Wicloud suggested on a Microsoft Learn forum that admins could either roll back the December security update (KB5071546) or adjust the permissions, as Bicer suggests. However, Nguyen urged admins to consult with their security team before making system-level permission changes.A Microsoft spokesperson was asked for comment, but no response was received by press time.This isn’t the first MSMQ problem in recent memory; last year Microsoft discovered a remote code execution vulnerability (CVE-2024-30008) that carried a criticality rating of 9.8. In this case, however, said Robert Beggs, head of Canadian incident response firm DigitalDefence, although the cause of the issue is a security patch, the impact and workaround are not strictly security issues. Therefore, he believes the fix is a workaround that does not involve security and security support, but regular support for a Windows system. As for the company’s reason for asking admins to contact Microsoft Support for Business for the workaround, he suggested that Microsoft may want to spread the workload to ensure that security support is not overworked.More broadly, warned Shipley, any update that leads to a business application failure is the kind of issue that turns admins off patching. December is the biggest month of the year for retail, and not the time for POS machines to go down because of the installation of a new patch.This article originally appeared on Computerworld.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4108360/microsoft-warns-msmq-may-fail-after-update-breaking-apps-2.html
