Microsoft Releases Emergency Update to Resolve MSMQ Bug Affecting IIS Sites
On December 18, 2025, Microsoft issued an out-of-band update to address a critical issue with the Message Queuing (MSMQ) service that emerged following the December 9 security patches. This problem led to inactive message queues, preventing applications from writing to them and resulting in error messages related to insufficient resources, disk space, or memory constraints. The issue was particularly severe in clustered MSMQ environments under heavy load, where queue failures could cascade across distributed systems.
Internet Information Services (IIS) sites that rely on MSMQ for asynchronous message processing were at risk of service disruptions without this patch. Enterprise environments and managed IT infrastructures were most affected, though personal Windows Home and Pro editions remained largely unaffected.
The December 18 update incorporated all fixes from the previous December 9 release, ensuring users who had not yet installed that month’s patches would receive both cumulative improvements. Additionally, a servicing stack update (KB5068780) enhanced verification logic for Azure-hosted devices, ensuring seamless future update installation on cloud infrastructure.
Microsoft emphasized the importance of installing the latest servicing stack update before applying additional patches to prevent deployment complications. Azure customers were advised to verify that devices had access to the certificate update domains for successful installation. Administrators were urged to prioritize deploying this out-of-band update across enterprise environments immediately.
Organizations running IIS with MSMQ integration were encouraged to test the patch in staging environments before deploying it to production. The update was made available through Windows Update, Business Update Catalog, and Server Update Services channels.
Separately, Microsoft warned that Secure Boot certificates would expire starting in June 2026, potentially affecting device boot capabilities. Organizations were advised to review certificate guidance and schedule updates proactively to prevent future operational disruptions.
