Microsoft Confirms Windows 11 Security Update Install Issues

The May 2026 Windows 11 security update (KB5089549) hit a snag that many IT departments hadn’t anticipated: insufficient free space on the EFI System Partition (ESP). The ESP, a tiny FAT32‑formatted segment that stores boot files, often shrinks over time as OEMs and third‑party tools add firmware components. When the partition falls below roughly 10 MB, the update’s boot‑file replacement step fails, producing the 0x800f0922 error and prompting Windows to roll back the changes. For end users, the symptom is a cryptic “Something didn't go as planned. Undoing changes.” message, while logs reveal “SpaceCheck: Insufficient free space.” This failure not only stalls critical security patches but also erodes confidence in the Windows Update pipeline.

Microsoft’s immediate response centers on the Known Issue Rollback feature, a built‑in mechanism that reverses problematic updates. Administrators can also deploy a targeted Group Policy via an MSI package, temporarily disabling the offending change until a fix is released. The rollout instructions emphasize a clean reboot after policy application and caution that the rollback will suspend the update only on affected devices. For enterprises with centralized patch management, scripting the policy deployment across Active Directory or using Microsoft Endpoint Manager ensures consistent remediation and minimizes downtime.

The incident underscores a broader trend: as Windows updates grow more complex, the margin for error narrows, especially in managed environments. Recent Windows Autopatch glitches and driver‑related backup failures have already highlighted the ripple effects of a single faulty component. Organizations are therefore urged to monitor ESP health, maintain a buffer of free space, and incorporate update‑failure drills into their security playbooks. Microsoft’s forthcoming hotfix is expected to address the ESP check, but the episode serves as a reminder that proactive partition management is now a prerequisite for seamless security compliance.