CVE-2025-21289 is a denial of service (DoS) vulnerability identified in Microsoft Message Queuing (MSMQ) on Windows 10 Version 1507 (build 10.0.10240.0). The vulnerability is classified under CWE-400, which involves uncontrolled resource consumption. MSMQ is a messaging protocol that enables applications running on separate servers/processes to communicate asynchronously. The flaw allows a remote attacker to send specially crafted messages to the MSMQ service without requiring authentication or user interaction, leading to excessive consumption of system resources such as memory or CPU. This resource exhaustion can cause the MSMQ service or the entire system to become unresponsive or crash, resulting in denial of service. The CVSS v3.1 base score is 7.5, indicating a high severity level due to the network attack vector, low attack complexity, no privileges required, and no user interaction needed. The scope is unchanged, and the impact is limited to availability (no confidentiality or integrity impact). No patches or exploits are currently publicly available, but the vulnerability is officially published and reserved since December 2024. Since Windows 10 Version 1507 is an early release version, it is largely out of mainstream support, increasing the risk for organizations that have not upgraded. MSMQ is often used in enterprise environments for reliable messaging, so disruption can affect business-critical applications and services.

For European organizations, the primary impact is denial of service affecting availability of systems running Windows 10 Version 1507 with MSMQ enabled. This can disrupt critical messaging workflows, leading to operational downtime, loss of productivity, and potential cascading failures in dependent applications. Industries relying on legacy Windows 10 deployments, such as manufacturing, healthcare, or government agencies, may face increased risk. The lack of authentication and user interaction requirements makes remote exploitation feasible from external networks, increasing exposure. Although no known exploits exist yet, the public disclosure and high CVSS score suggest attackers may develop exploits, raising the urgency for mitigation. Organizations unable to upgrade may face prolonged exposure, and service outages could impact compliance with European data protection and operational regulations. The impact is primarily on availability, with no direct confidentiality or integrity compromise reported.

1. Upgrade affected systems from Windows 10 Version 1507 to a supported, patched version of Windows 10 or later to eliminate the vulnerability. 2. If upgrading is not immediately possible, restrict network access to MSMQ ports (default TCP 1801) using firewalls or network segmentation to limit exposure to untrusted networks. 3. Monitor MSMQ service resource usage and system performance metrics to detect abnormal spikes indicative of exploitation attempts. 4. Implement intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection for unusual MSMQ traffic patterns. 5. Disable MSMQ on systems where it is not required to reduce the attack surface. 6. Stay alert for Microsoft security advisories and apply patches promptly once released. 7. Conduct regular asset inventory to identify legacy Windows 10 1507 systems and prioritize their remediation. 8. Educate IT staff about this vulnerability to ensure rapid response to any incidents involving MSMQ service disruptions.