Full Report
Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]
Analysis Summary
# Vulnerability: Windows 11 Security Update Installation Failure (0x800f0922)
## CVE Details
*Note: This report covers a functional defect in a security patch delivery mechanism rather than a specific vulnerability exploit.*
- **CVE ID:** N/A (Update Installation Issue)
- **CVSS Score:** N/A
- **CWE:** CWE-400 (Uncontrolled Resource Consumption - Disk Space related)
## Affected Systems
- **Products:** Microsoft Windows 11
- **Versions:** Version 24H2, Version 25H2, and Windows Server 2025
- **Configurations:** Systems with limited free space (10 MB or less) on the **EFI System Partition (ESP)**.
## Vulnerability Description
When deploying the May 2026 security update (KB5089549), installation fails during the reboot phase (typically at 35–36% completion). The failure is caused by the update's inability to handle insufficient free space on the EFI System Partition (ESP). When the ESP has 10 MB or less of available space, the "SpaceCheck" fails, leading to a "ServicingBootFiles failed" error. This triggers an automatic rollback of the security update, leaving the system potentially vulnerable to the underlying security flaws the patch was intended to fix.
## Exploitation
- **Status:** Not exploited (This is a patch deployment failure)
- **Complexity:** N/A
- **Attack Vector:** Local (Resource constraint)
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** Low (Prevents the application of security patches and causes unexpected system reboots/rollbacks)
## Remediation
### Patches
- **Primary Fix:** Install Windows 11 **KB5089573** (released May 26, 2026) or later.
- **Ongoing:** The fix will be included in the June 2026 Patch Tuesday cumulative updates.
### Workarounds
- **Known Issue Rollback (KIR):** Consumers can use the built-in KIR feature, which automatically reverses the buggy update logic.
- **Group Policy (Enterprise):** IT Administrators can apply a specific policy to manage the rollback.
  - Policy Link (Defanged): hxxps[://]download[.]microsoft[.]com/download/4ed10a70-0e17-4215-87c4-5eabbfe99c03/Windows%2011%2024H2%2c%20Windows%2011%2025H2%20and%20Windows%20Server%202025%20KB5089549%20260514_06221%20Known%20Issue%20Rollback[.]msi
## Detection
- **Error Codes:** 0x800f0922
- **System Messages:** "Something didn't go as planned. Undoing changes."
- **Log Indicators:** Look for "SpaceCheck" and "ServicingBootFiles failed" entries in Windows Setup log files.
- **Disk Check:** Verify whether the EFI System Partition has 10 MB or less of free space.
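
The checks above can be combined into one host triage script. This is an added example, not Microsoft's tooling or part of the original report; the `-LogPath` parameter is an assumption (the report does not name the log files), so pass whichever setup log files you have collected.

```powershell
# Added example (not Microsoft's tooling). Run elevated on the host being triaged.
param(
    [string[]]$LogPath = @(),   # assumption: operator-supplied setup log files; the report names no paths
    [int]$ThresholdMB = 10      # report: SpaceCheck fails at 10 MB or less free on the ESP
)

$EspGptType = '{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}'   # standard GPT type GUID of the ESP

function Get-EspFreeBytes {
    # Locate the ESP by partition type; it normally has no drive letter.
    $esp = Get-Partition | Where-Object { $_.GptType -eq $EspGptType } | Select-Object -First 1
    if (-not $esp) { return $null }          # MBR/legacy boot or no ESP visible
    ($esp | Get-Volume).SizeRemaining
}

function Find-ServicingIndicator {
    param([string[]]$Path)
    # Strings from the report's Detection list; matched literally, case-insensitively.
    $patterns = 'SpaceCheck', 'ServicingBootFiles failed', '0x800f0922'
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Log not found: $p"; continue }
        Select-String -LiteralPath $p -Pattern $patterns -SimpleMatch |
            ForEach-Object { '{0}:{1}: {2}' -f $_.Path, $_.LineNumber, $_.Line.Trim() }
    }
}

$free = Get-EspFreeBytes
# KB5089573 "or later" carries the fix, so $false here is not proof the host is unfixed.
$fix  = Get-HotFix -Id 'KB5089573' -ErrorAction SilentlyContinue

# One summary object per host, suitable for Export-Csv or ConvertTo-Json.
[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    EspFreeMB          = if ($null -ne $free) { [math]::Round($free / 1MB, 2) } else { $null }
    EspAtOrBelowLimit  = ($null -ne $free) -and ($free -le $ThresholdMB * 1MB)
    KB5089573Installed = [bool]$fix
    LogHits            = @(Find-ServicingIndicator -Path $LogPath)
}
```

A host with `EspAtOrBelowLimit` true and no fixed update installed is a candidate for the rollback described above, even if it has not yet logged a failure.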
## References
- **Microsoft Support (KB5089549):** hxxps[://]support[.]microsoft[.]com/help/5089549
- **Microsoft Release Health Dashboard:** hxxps[://]learn[.]microsoft[.]com/en-us/windows/release-health/status-windows-11-25h2
- **BleepingComputer Technical Report:** hxxps[://]www[.]bleepingcomputer[.]com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/