Windows 11 KB5089549 Install Bug Blocks Security Updates on Low-ESP Systems
Microsoft confirmed that the mandatory Windows 11 cumulative update KB5089549 is failing on some devices, leaving them without the latest security fixes. The installation issue is primarily affecting systems with nearly full EFI System Partitions (ESP)—especially those with about 10 MB or less of free space—and commonly triggers errors including 0x800f0922, 0x80240069, and 0x80240031. Affected machines often stall at roughly 35–36% during restart, then roll back the update instead of completing installation.
Microsoft said it deployed a server-side Known Issue Rollback (KIR) to mitigate the problem for consumer and unmanaged business devices, with the fix expected to apply automatically after a restart. The company also advised users to reboot and retry the update, while enterprise administrators were told to use a Group Policy mitigation for managed environments. Reports also noted that some impacted systems experienced boot issues or degraded performance, adding to broader concerns over recent Windows update reliability problems.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Microsoft releases KB5094126 and fixes KB5089549 ESP install bug
Microsoft released the June 2026 Windows 11 Patch Tuesday update KB5094126 for versions 25H2 and 24H2. The company said the update fixes the earlier KB5089549 installation failures tied to insufficient EFI System Partition space and reported no known issues at release.
Microsoft deploys Known Issue Rollback for KB5089549 bug
Microsoft said it deployed a server-side Known Issue Rollback to mitigate the KB5089549 installation issue on affected devices. The company advised users to restart and retry the update, and provided enterprise administrators with a Group Policy-based mitigation.
Microsoft confirms KB5089549 install failures tied to low ESP space
Microsoft confirmed that some systems were failing to install the mandatory Windows 11 May 2026 update KB5089549, with errors including 0x800f0922 and failures linked primarily to insufficient free space in the EFI System Partition. The issue could stall installation around 35–36%, trigger rollback behavior, and leave devices unpatched.
Microsoft releases May 12 KB5089549 Patch Tuesday update
Microsoft's May 12 Patch Tuesday cumulative update KB5089549 for Windows was released, later becoming the update affected by installation failures on some systems.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
I tested Windows 11 June 2026 Updates: Here's everything new, improved, and fixed
windowslatest.com
Open sourceMicrosoft Confirms Windows Update Bug Blocking Security Fixes
techrepublic.com
Open sourceMicrosoft confirms Windows 11 KB5089549 issues due to low storage, says it's rolling out an emergency patch to fix install errors
windowslatest.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Fixes Windows 11 Update Failures Caused by Small EFI Partitions
Microsoft released Windows 11 cumulative update **KB5089573** to permanently fix an installation bug introduced by **KB5089549** that caused some systems running versions **24H2** and **25H2** to fail during reboot. Affected devices typically stalled at about **35–36%** completion, rolled back the update, and returned error `0x800f0922`, with logs indicating insufficient free space in the **EFI System Partition (ESP)**. Microsoft had already applied a Known Issue Rollback and provided a registry-based workaround for enterprise administrators before issuing the permanent fix. The update raises Windows 11 builds to **26100.8524** and **26200.8524**, includes servicing stack and AI component updates, and is available through **Windows Update**, **Microsoft Update Catalog**, **Windows Update for Business**, and **WSUS**. Microsoft said no known issues were identified at release and indicated that the fix will also be included in subsequent cumulative updates, reducing the need for users and administrators to manually resize the ESP or remove security updates.
Jun 2, 2026
Windows 11 KB5089549 Install Failures Complicate Microsoft Defender Security Patches
Microsoft confirmed that the Windows 11 security update `KB5089549` can fail to install on systems running versions 24H2 and 25H2 when the EFI System Partition has 10 MB or less of free space. Affected devices typically stop during reboot at about 35–36% completion, return error `0x800f0922`, and roll back the update. Microsoft has issued a **Known Issue Rollback** for consumer and unmanaged business devices, while enterprise administrators must use a Group Policy workaround; for persistent cases, the company also published a registry-based mitigation to reduce reserved EFI servicing padding. The same update also addresses a separate problem that had pushed some Windows 11 devices into BitLocker recovery after earlier 2026 updates. The installation issue is significant because Microsoft’s May security advisories also included multiple **Microsoft Defender** vulnerabilities, with `CVE-2026-41091` and `CVE-2026-45498` added by CISA to the **Known Exploited Vulnerabilities** catalog, signaling active exploitation risk. Additional Defender flaws tracked as `CVE-2026-45584` and related advisories were also published by Microsoft and echoed by national cybersecurity agencies, including Canada’s Cyber Centre and HKCERT, which urged organizations to review the bulletins and apply updates. Microsoft said it is developing a permanent fix for the Windows 11 update failure in a future release.
May 24, 2026
Microsoft Issues Emergency Windows 11 Update for Installation Failure Loop
Microsoft released an out-of-band Windows 11 update, **KB5086672**, to fix a widespread installation failure affecting versions **25H2** and **24H2** after the March preview update **KB5079391** triggered repeated setup errors. Affected systems entered a loop of failed update attempts and reported error code `0x80073712`, which indicates missing or corrupted update files. Microsoft withdrew the faulty preview release and replaced it with a cumulative package that also carries forward March security and quality fixes. The emergency package moves impacted devices to OS builds **26200.8117** and **26100.8117** and also updates several local AI components. Microsoft said the fix is available through **Windows Update**, the **Microsoft Update Catalog**, and manual installation in Settings, while enterprise administrators can accelerate deployment through **Intune** or **Windows Autopatch** expedited quality updates. Because the release combines the servicing stack and cumulative update, rollback options are limited and manual removal may require **DISM**.
May 25, 2026