Berlaku Untuk
Windows Server 2012 ESU

Important The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only are met as described in Connected Machine agent network requirements.

Windows Secure Boot certificate expiration 

Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.

Support for Windows Server 2012 will end in October 2026

Windows Server 2012 reached the end of support (EOS) on October 10, 2023. 

Extended Security Updates (ESUs) are available for purchase and will continue for three years, renewable on an annual basis, until the final date on October 13, 2026. For information about the procedure to continue receiving security updates, see KB5031043

We recommend that you upgrade to a later version of Windows Server. For more information, see Overview of Windows Server upgrades.

Change date

Change description

December 18, 2025

  • Added the resolution to the Message Queuing (MSMQ)" known issue.

December 16, 2025

  • Added the "Message Queuing (MSMQ)" known issue.

Summary

Learn more about this cumulative security update, including improvements, any known issues, and how to get the update.

Windows Server 2012

This security update includes fixes and quality improvements that are part of the following update:

The following is a summary of the issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.

For more information about the resolved security vulnerabilities, please refer to the Deployments | Security Update Guide and the December 2025 Security Updates.

For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, see Description of the standard terminology that is used to describe Microsoft software updates.

To view other notes and messages, see the Windows Server 2012 update history home page.

Known issues in this update

Symptoms

After installing this update, users might face issues with the Message Queuing (MSMQ) functionality. This issue also impacts clustered MSMQ environments under load. Due to this issue, users might encounter the following symptoms:

  • MSMQ queues becoming inactive

  • IIS sites failing with “Insufficient resources to perform operation” errors

  • Applications unable to write to queues

  • Errors such as "The message file 'C:\Windows\System32\msmq\storage*.mq' cannot be created” when creating message files

  • Misleading logs, such as “There is insufficient disk space or memory", despite sufficient disk space and memory being available

This issue is caused by the recent changes introduced to the MSMQ security model and NTFS permissions on the C:\Windows\System32\MSMQ\storage folder. MSMQ users now require write access to this folder, which is normally restricted to administrators. As a result, attempts to send messages via MSMQ APIs might fail with resource errors.

Individuals using Windows Home or Pro editions on personal devices are very unlikely to experience this issue. This issue primarily affects enterprise or managed IT environments. 

Resolution

This issue was resolved by the Windows out-of-band update released on and after December 18, 2025 (such as KB5074980). We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.

How to get this update

Before installing this update

To install any Windows Server 2012 Monthly Rollup released on or after January 14, 2025, we recommend you first install the latest Servicing Stack Update (SSU). If your device or offline image does not have the latest SSU installed, you might not be able to install this update.

Caution: Until you install the latest SSU, this update might not be offered to your device. To reduce your security risk, install the latest SSU as soon as possible.

  • If you use Windows Update, the latest SSU (KB5071813) will be offered to you automatically. If the latest SSU is not installed, you might not be able to install this update.

  • If you use the Update Catalog, we recommend you download and install the latest SSU (KB5071813​​​​​​​). If the latest SSU is not installed, you might not be able to install this update.

  • If you are a Windows Server Update Services (WSUS) administrator, you must approve SSU KB5071813 and this update KB5071505.

For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Language packs

If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Learn about adding a language pack to Windows.

Install this update

To install this update, use one of the following release channels.

Available

Next step

Available

This update will be downloaded and installed automatically from Windows Update.

File information

A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.

Download IconDownload the file information for cumulative update KB5071505 now.

Facebook LinkedIn Email
BERLANGGANAN FEED RSS

Perlu bantuan lainnya?

Ingin opsi lainnya?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center