Cybersecurity

Microsoft Fixes KB5089549 Windows 11 Security Update Install Issues

Muhammad Irfan Aslam
Muhammad Irfan Aslam 4 hours ago • 3 min read

Microsoft has resolved a known issue that was preventing the May 2026 Windows 11 security update (KB5089549) from installing on some devices and triggering 0x800f0922 error codes. The fix addresses failures caused by insufficient free space on the EFI System Partition (ESP), which caused the update to automatically roll back on affected systems.

What Was the Problem?

KB5089549, released on May 12, 2026 as part of Microsoft’s May Patch Tuesday, affected Windows 11 versions 25H2 and 24H2 (OS builds 26200.8457 and 26100.8457 respectively). On devices with 10 MB or less of free space on the EFI System Partition, the update would begin installing, progress through initial phases, and then fail at approximately 35–36% completion during the reboot phase — rolling back all changes automatically.

Affected users encountered two visible symptoms:

  • The message: “Something didn’t go as planned. Undoing changes.” after reboot
  • Event log entries referencing “SpaceCheck” and “ServicingBootFiles failed” pointing to insufficient ESP free space

Why KB5089549 Matters Beyond a Routine Update

KB5089549 is more than a standard cumulative update. It serves as a critical servicing checkpoint for three converging issues in 2026:

1. Secure Boot Certificate Rotation

Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. KB5089549 includes improvements to Microsoft’s targeting logic for deploying new Secure Boot certificates to eligible devices. Organisations that fail to install this update risk boot security issues as old certificates approach expiration. Microsoft’s guidance explicitly states: “We recommend reviewing the guidance and taking action to update certificates in advance to avoid disruption.”

2. BitLocker Recovery Fix

The April 2026 security updates introduced a bug that caused some Windows 11 systems to boot into BitLocker Recovery mode after boot file updates — particularly on devices with specific TPM validation settings or invalid PCR7 configurations. KB5089549 fixes this regression, reducing post-update disruption for enterprise devices with BitLocker encryption enabled.

3. Critical Security Patches

The update includes patches for 120 documented security vulnerabilities, including several critical CVEs. Among the most significant in the broader May 2026 patch package is CVE-2026-41089 — the Windows Netlogon stack-based buffer overflow that allows unauthenticated remote code execution on domain controllers (CVSS 9.8), which is now under active exploitation.

How to Fix Devices That Couldn’t Install KB5089549

Microsoft’s resolution addresses the ESP space issue through improved servicing logic. For devices that previously failed to install:

  1. For home users: Windows Update will automatically retry the installation once the fix is applied. Running Settings → Windows Update → Check for Updates should trigger a successful install attempt.
  2. For IT administrators: The issue is resolved by freeing space on the EFI System Partition if it is critically full. Microsoft provides guidance on safely expanding the ESP on managed devices. The KB5089549 standalone package is available from the Microsoft Update Catalog for manual deployment.
  3. Verify installation: After successful installation, confirm the OS build version shows 26100.8457 (24H2) or 26200.8457 (25H2) in Settings → System → About.

Related Issues Also Fixed

Microsoft simultaneously addressed several other update-related issues in recent weeks:

  • A Windows Autopatch bug that caused driver updates restricted by administrative policies to be incorrectly deployed on Autopatch-managed devices across the EU
  • Installation failures in third-party backup applications caused by a vulnerable driver introduced in the April 2026 security updates

Enterprise Recommendation

Given the critical security content in KB5089549 — particularly the Netlogon RCE patch and Secure Boot certificate updates — enterprise administrators should prioritise deployment across their Windows 11 fleet. The ESP space issue affected a subset of devices; the majority of Windows 11 systems should install without problems. Test in a representative pilot group, then deploy broadly. The security risk of remaining unpatched exceeds the risk of the now-fixed installation issue.

Muhammad Irfan Aslam

Muhammad Irfan Aslam

Muhammad Irfan Aslam is an IT professional and technology writer based in Riyadh, Saudi Arabia. With expertise in IT infrastructure, cybersecurity, and cloud solutions, he helps Saudi businesses navigate digital transformation aligned with Vision 2030. He covers enterprise IT services, managed support, and emerging technologies for the GCC region.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Saudi Arabia’s IT intelligence hub — cybersecurity, cloud, infrastructure & digital transformation for Vision 2030 businesses.

Riyadh, Kingdom of Saudi Arabia
[email protected]
Sun–Thu  9:00 AM – 6:00 PM AST

IT Solutions

Company

Why Visit To Me

Google News publisher
Riyadh-based IT experts
Vision 2030 aligned
NCA compliance coverage
Arabic & English content
Free IT Consultation →
© 2026 Visit To Me · IT HUB · Riyadh, Kingdom of Saudi Arabia · All rights reserved.
Privacy Policy Terms of Service Sitemap
💼
Visit Pro
AI Sales Assistant · Visit To Me
Powered by Claude AI · Visit To Me