Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922
Cybersecurity NewsArchived May 18, 2026✓ Full text saved
Microsoft has officially acknowledged a critical installation failure affecting its May 2026 Patch Tuesday cumulative update for Windows 11, KB5089549, leaving users stranded with error code 0x800f0922 and, in some cases, additional errors 0x80240069 and 0x80240031. The known issue was formally added to the update’s change log on May 15, 2026, just three days after […] The post Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922 appeared first on Cyber Security News .
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922
By Guru Baran
May 18, 2026
Microsoft has officially acknowledged a critical installation failure affecting its May 2026 Patch Tuesday cumulative update for Windows 11, KB5089549, leaving users stranded with error code 0x800f0922 and, in some cases, additional errors 0x80240069 and 0x80240031.
The known issue was formally added to the update’s change log on May 15, 2026, just three days after the patch’s release.
Released on May 12, 2026, KB5089549 is a mandatory cumulative update for Windows 11 versions 25H2 and 24H2, advancing OS builds to 26200.8457 and 26100.8457, respectively.
The update bundles the latest May 2026 security fixes, non-security quality improvements from April’s optional preview release (KB5083631), and critical Secure Boot infrastructure changes.
Given its classification as a required security update, Windows attempts to install it automatically, making the installation failure particularly disruptive for affected devices.
The confirmed root cause behind error 0x800f0922 is insufficient space in the EFI System Partition (ESP), a reserved, low-capacity partition on the device’s drive that stores critical boot files.
KB5089549 introduces significant Secure Boot infrastructure changes, including a new SecureBoot folder under C:\Windows on eligible devices, along with sample automation scripts designed to help IT administrators manage certificate updates across enterprise fleets.
These additions expand the footprint of files written to the ESP during installation, triggering the failure on systems with insufficient free space on the partition.
A central feature of this update is the phased rollout of new Secure Boot certificates, which adds high-confidence device targeting data to increase coverage of eligible devices.
Devices only receive the new certificates after demonstrating sufficient successful update signals, maintaining a controlled rollout.
Additionally, the update ships example scripts under the new SecureBoot directory, enabling IT professionals in Active Directory environments to automate Secure Boot certificate deployment via safe rollout mechanisms.
Other Critical Fixes in This Update
Beyond the Secure Boot improvements, KB5089549 addresses several significant issues:
BitLocker Recovery Loop Fixed: The update resolves a known issue where devices running April 2026’s KB5083769 could enter BitLocker Recovery after boot file updates, particularly on systems with invalid PCR7 (Platform Configuration Register 7) TPM validation settings.
Boot Manager Reliability: Improvements to startup reliability ensure devices boot normally after boot file updates without entering recovery mode.
SSDP Service Stability: Reliability improvements to Simple Service Discovery Protocol (SSDP) notifications prevent the service from becoming unresponsive.
Daylight Saving Time: The update adds DST support for the 2023 change affecting the Arab Republic of Egypt.
Mitigations
Microsoft is actively rolling out a fix for affected devices. System administrators managing enterprise environments can leverage the new Secure Boot automation scripts available after installing the update to monitor certificate update status and manage phased deployment via Active Directory.
Organizations should monitor the Windows Release Health Dashboard for the latest remediation status.
Users who have previously installed prior cumulative updates will only download the incremental changes included in this package, potentially reducing ESP space requirements on already-updated systems.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Guru Baranhttps://cybersecuritynews.com
Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.
Trending News
Critical GitLab Vulnerabilities Enables XSS and Unauthenticated DoS Attacks
Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets
Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker
OpenAI Daybreak Automates Vulnerability Detection and Fixing
Amazon Quick Bug Exposed AI Chat Agents to Users Blocked by Custom Permissions
Latest News
Cyber Security News
Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks
Cyber Attack News
Fast16 Malware Manipulated Nuclear Weapons Simulation Data to Sabotage Test Results
Cyber Security News
Claude Code RCE Flaw Lets Attackers Execute Commands via Malicious Deeplinks
Cyber Security News
Grafana Labs Security Breach – Hackers Access GitHub and Download Codebase
Cyber Security News
First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days