Full Report
Microsoft has confirmed it is investigating a bug causing the Windows 10 KB5068781 extended security update to fail to install with 0x800f0922 errors on devices with corporate licensing. [...]
Analysis Summary
# Vulnerability: Windows 10 ESU Update KB5068781 Installation Failure (0x800f0922)
## CVE Details
- CVE ID: Not Applicable (This is an installation/licensing issue with a specific update, not a platform vulnerability disclosure)
- CVSS Score: N/A
- CWE: N/A
## Affected Systems
- Products: Windows 10
- Versions: Devices enrolled in Extended Security Updates (ESU)
- Configurations: Specifically impacts devices utilizing **Windows subscription activation** through the **Microsoft 365 Admin Center**.
## Vulnerability Description
Microsoft is investigating an issue where the Windows 10 Extended Security Update (ESU) KB5068781 fails to install on certain corporate-licensed devices. The installation process appears to succeed initially, but upon reboot, it rolls back, resulting in the error code `0x800f0922 (CBS_E_INSTALLERS_FAILED)`. This failure is specifically isolated to devices activated via Windows subscription activation managed through the Microsoft 365 Admin Center. Additionally, some administrators report that licensed devices are not correctly recognizing that they require this specific ESU update.
## Exploitation
- Status: Not applicable. This is an operational failure/bug in update deployment, not a security vulnerability exploitation.
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: None (Operational failure)
- Integrity: Low (System integrity issue due to failed update application/rollback)
- Availability: Medium (Prevents essential security updates from installing, delaying security hardening)
## Remediation
### Patches
- **Fix Status:** Microsoft is currently **investigating** the issue. No patch has been released at the time of this summary.
- Relevant Updates: KB5068781 (The update that is failing).
### Workarounds
- No official workarounds have been provided by Microsoft.
## Detection
- **Indicators of Compromise:** The installation appears to succeed but rolls back after the restart, and error code **0x800f0922** is recorded in the Windows Update logs or CBS logs.
- **Detection Methods and Tools:** Monitoring Windows Update logs or Configuration Manager/Endpoint Manager reports for installation failures related to KB5068781 yielding error 0x800f0922 on ESU-licensed devices.
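
One way to run the log check above on a single device, as an added PowerShell example that is not from Microsoft or the original report. The 30-day look-back window, the output field names and the "rollback suspected" heuristic are assumptions; event ID 20 is the Windows Update client's installation-failure event in the System log.

```powershell
# Added example: only KB5068781 and 0x800f0922 come from the report.
$Kb        = 'KB5068781'
$ErrorCode = '0x800f0922'
$Since     = (Get-Date).AddDays(-30)   # assumed look-back window

# 1. Windows Update client installation failures (System log, event ID 20)
#    whose message names both the KB and the error code.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
    Id           = 20
    StartTime    = $Since
}
$failures = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $Kb -and $_.Message -match $ErrorCode })

# 2. Is the update currently installed? A failure event with no installed
#    package matches the "installs, then rolls back on reboot" pattern.
$installed = [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)

# 3. Supporting evidence from the CBS log (last few lines with the code).
$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$cbsHits = @()
if (Test-Path $cbsLog) {
    $cbsHits = @(Select-String -Path $cbsLog -SimpleMatch $ErrorCode |
        Select-Object -Last 5)
}

# One record per device, suitable for Export-Csv or a management-tool script.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    Update            = $Kb
    Installed         = $installed
    FailureEvents     = $failures.Count
    LastFailure       = ($failures | Select-Object -First 1).TimeCreated
    CbsLogMatches     = $cbsHits.Count
    RollbackSuspected = ($failures.Count -gt 0 -and -not $installed)  # heuristic
}
$cbsHits | ForEach-Object { $_.Line }
```

Reading `CBS.log` generally requires an elevated session.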
## References
- Microsoft Advisory (General Reference to the ongoing investigation)
- BleepingComputer Article: hxxps://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-kb5068781-esu-update-may-fail-with-0x800f0922-errors/