KB5071543 HCL action

What are the plans for hotfix KB5071543?

MS superseded it a week after it was released due to access denied issues.

Known Issues with KB5071543

KB5071543 is the Cumulative Update for December 2025 for Windows Server 2016, and multiple users have reported installation failures. The update has been causing various issues, including:

  1. Installation failures - The update fails to install and rolls back after reboot

  2. MSMQ issues - After installing KB5071543, users might face issues with Message Queuing (MSMQ) functionality, which also impacts clustered MSMQ environments under load

Solution

This issue was resolved by the Windows out-of-band update, released December 18, 2025 (KB5074974).

Recommended Steps:

  1. Install the out-of-band update KB5074974 instead of KB5071543, which fixes the known issues

  2. Check for registry corruption - Users have successfully resolved KB5071543 installation failures by applying a registry fix that addresses corrupted Windows Event Log registry entries

  3. Run system maintenance commands:

    • Run SFC scan: sfc /scannow

    • Run DISM: DISM /Online /Cleanup-Image /RestoreHealth

  4. If KB5071543 is already installed and causing issues, you may need to uninstall it and install KB5074974 instead

The MS catalog says it has been superseded. When is HCL content going to reflect this?

I'm not sure that we would; per the MS Catalog, the newer update is in category 'Update' instead of 'Security Update'. The convention in our content is that a 'Security Update' will only be superseded by another 'Security Update', not by another patch of category 'Update'.

I think the history on this is because some customers wish to apply only 'Security Update' (or perhaps apply those on an accelerated schedule), and marking the 'Security Update' as Superseded might leave the system unpatched entirely if the 'Update' category is not also selected to be deployed.

That said, installing the later update should make the older one non-relevant. I'm just not certain how much of the decision-making we should be taking on customers' behalf, and how much should be up to local owners.

Thoughts, @gus? Should we manually alter supersedence on this package?

@JasonWalker We do not supersede a security update (KB5071543) which has CVEs associated with it with a non-security update (KB5074974) which does not have any CVEs associated with it. This non-security update (KB5074974) released on 12/18/2025 mitigated a software bug with the Message Queuing (MSMQ) functionality. Thanks, Gus.


It does more than that. It supersedes KB5071543 in its entirety, or MS would not have set it to superseded in the MS catalog. Both are 1.63GB in size. KB5074974 is not a small fix for MSMQ; it is a complete replacement for KB5071543.

@jbruns2017 we have to satisfy customers who only mitigate security vulnerabilities using BigFix fixlet content, especially when security vulnerability tools (e.g. Tenable, Qualys, Rapid7) will direct them to install the security update (these tools will not reference the non-security update). If you decide to install the December 18, 2025—KB5074974 (OS Build 14393.8692) Out-of-band update, it is cumulative and will also mitigate the previously released security update released on December 9, 2025—KB5071543 (OS Build 14393.8688). However, we have to leave the security update in a non-superseded state because it has the CVEs associated with it. Both of these cumulative updates will become superseded in January 2026 when Microsoft releases the next security update. Thanks, Gus.

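The OS build numbers quoted in the replies above make it possible to confirm which December 2025 cumulative level a host is actually running, independent of which KB a fixlet or scanner names. The PowerShell below is an added example, not part of any post in this thread and not HCL or Microsoft content; the function name `Get-DecemberPatchState` and its state labels are hypothetical, and it assumes, as stated in the thread, that KB5074974 is cumulative over KB5071543.

```powershell
# Added example. Build numbers are the ones quoted in this thread.
$SecurityBuild = [version]'10.0.14393.8688'   # KB5071543, December 9, 2025
$OobBuild      = [version]'10.0.14393.8692'   # KB5074974, December 18, 2025

function Get-DecemberPatchState {
    param(
        [Parameter(Mandatory)][int]$Build,    # CurrentBuild, e.g. 14393
        [Parameter(Mandatory)][int]$Ubr,      # update build revision, e.g. 8692
        [string[]]$InstalledKbs = @()         # HotFixIDs reported by the host
    )
    if ($Build -ne 14393) {
        return 'NotApplicable: host is not on build 14393 (Windows Server 2016)'
    }
    $current = [version]('10.0.{0}.{1}' -f $Build, $Ubr)
    $listed  = @($InstalledKbs | Where-Object { $_ -in 'KB5071543', 'KB5074974' })

    if ($current -ge $OobBuild) {
        # At or above the out-of-band build: cumulative, so the December 9
        # security content is present even if KB5071543 is not listed.
        return "Covered: $current is at or above the KB5074974 build"
    }
    if ($current -ge $SecurityBuild) {
        return "SecurityOnly: $current matches KB5071543; the MSMQ fix is not present"
    }
    if ($listed.Count -gt 0) {
        # KB is listed but the build did not move: consistent with the
        # failed-install-and-rollback symptom described in the first post.
        return "Inconsistent: $($listed -join ', ') listed but build is $current"
    }
    return "Missing: $current is below the December 2025 security build"
}

if ($env:OS -eq 'Windows_NT') {
    # Live check: CurrentBuild and UBR are the values winver displays.
    $cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $kbs = @((Get-HotFix -ErrorAction SilentlyContinue).HotFixID)
    Get-DecemberPatchState -Build ([int]$cv.CurrentBuild) -Ubr ([int]$cv.UBR) -InstalledKbs $kbs
}

# Constructed sample UBR values, to exercise each branch off-box:
8692, 8688, 8500 | ForEach-Object { Get-DecemberPatchState -Build 14393 -Ubr $_ }
Get-DecemberPatchState -Build 14393 -Ubr 8500 -InstalledKbs 'KB5071543'
```

A host reporting `Covered` while a scanner still flags KB5071543 as missing is the case Gus describes: the scanner keys on the security KB, while the build number shows the cumulative content is installed.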