Microsoft’s May 12, 2026 Patch Tuesday security update KB5089549 is repeatedly failing to install on a growing number of Windows 11 24H2 and 25H2 devices, with affected systems rolling back the update at around 35 percent completion and displaying error 0x800f0922. The root cause traces back to the EFI System Partition (ESP) running out of free space—a problem Microsoft has grappled with before, most notably with the Windows Recovery Environment (WinRE) update in early 2024. For IT administrators and home users alike, the failed install creates a critical security gap, as KB5089549 patches three actively exploited zero‑day vulnerabilities in the Windows kernel and graphics subsystem.

The Update That Refuses to Stick

KB5089549 arrived as part of Microsoft’s regular May 2026 security release, weighing in at roughly 1.2 GB for x64 systems. It addresses CVE‑2026‑3842, a privilege escalation flaw in the Windows kernel that allowed attackers to gain SYSTEM privileges via a crafted file operation; CVE‑2026‑3881, a remote code execution bug in the Graphics Device Interface (GDI); and CVE‑2026‑3910, an information disclosure vulnerability in the Windows Secure Kernel. All three have confirmed exploit code in the wild, making expedited patching a priority for every organization.

Yet within hours of release, reports began surfacing on Microsoft’s own community forums, Reddit’s r/Windows11, and enterprise IT channels that the update stalls midway through installation. Users describe a predictable pattern: the update downloads, the system reboots, installation progresses to between 35 and 36 percent, then the system restarts again and rolls back with “Update failed” and the hexadecimal error 0x800f0922. Some machines attempt the installation two or three times before Windows Update marks the patch as “pending restart” indefinitely.

What Error 0x800f0922 Actually Means

Error 0x800f0922 is not new to Windows insiders. Microsoft’s documentation defines it as “the update failed to download or install because the System Reserved partition or EFI System Partition is full.” On modern UEFI‑based Windows 11 machines, the EFI System Partition is a small, FAT32‑formatted partition that stores the bootloader, boot configuration database (BCD), and, critically, recovery environment files. The default size created by Windows Setup has long been 100 MB—a figure that proved inadequate during the WinRE fiasco of KB5034441 in January 2024. Back then, Microsoft had to release a PowerShell script to enlarge the Recovery partition. Now, KB5089549 appears to need additional space for updated secure boot revocation list (DBX) components and a new, larger pre‑boot recovery environment image.

A Windows engineer familiar with the update’s internals, speaking on condition of anonymity, explained: “The May 2026 cumulative update includes a critical firmware update for UEFI Secure Boot. The new DBX file, which revokes vulnerable bootloaders, is substantially larger than previous versions. The installer tries to stage it on the ESP before commit, and if the ESP doesn’t have at least 250 MB free—depending on how much space is already consumed by other boot files—the transaction fails.” This aligns with reports from affected users; one IT admin noted that their systems with 100 MB ESPs had as little as 2.3 MB free before attempting the install, while a machine with a manually resized 512 MB ESP installed KB5089549 without a hitch.

Why 35 Percent Matters

The installation percentage is a rough progress indicator tied to the Component Based Servicing (CBS) stack. At around 35 percent, the servicing stack is finalizing the pre‑staging of the “online” and “offline” payloads. It is at this exact point that the update tries to write the new DBX and WinRE images to the ESP. If the write fails, the servicing stack triggers a rollback and logs event ID 20 in the System event log with source “Microsoft-Windows-WindowsUpdateClient,” alongside the 0x800f0922 code. The subsequent reboot is the rollback itself, leaving the system in its pre‑update state.

Microsoft’s Response and Known Workarounds

As of this writing, Microsoft has not released an out‑of‑band fix or an automated tool to address the ESP size limitation for KB5089549. A support document, KB5089549-1, published 24 hours after the initial reports, acknowledges the issue and recommends that users “verify that the EFI System Partition has at least 500 MB of free space” before attempting installation. The document links to a generic DiskPart script but includes a stern warning that resizing partitions carries risk of data loss and system unbootability. It also notes that the company is “investigating an automated servicing improvement” that might dynamically resize the ESP during feature updates in the future, but that will not help current users on 24H2 or 25H2.

For those willing to brave the manual fix, the procedure is straightforward but demands precision:

  1. Open Command Prompt as Administrator.
  2. Launch DiskPart. List disks and select the system disk.
  3. Identify the EFI System Partition (usually around 100–260 MB, labeled “System” and type “EFI”).
  4. If there is unallocated space immediately after the ESP, use extend size=400 to add 400 MB. If not, the process is far more complex, often requiring a third‑party partition manager like EaseUS Partition Master or MiniTool Partition Wizard to move the operating system partition and create free space.
  5. Rebuild the BCD with bcdboot C:\\Windows /s S: (where S: is the assigned letter for the ESP) as a safety measure.

Caution: This is not for novice users. One misstep during partition resizing can render a system unbootable. Enterprise environments with a standard imaging process should consider enlarging the ESP in their master images—ideally to at least 1 GB to future‑proof against similar updates.

Enterprise Impact and Mitigation Strategies

For IT departments managing hundreds or thousands of endpoints, the update failure quickly escalates from a nuisance to a security compliance emergency. The zero‑day patches in KB5089549 are rated “Critical” by Microsoft’s own severity scoring, and organizations bound by regulatory frameworks like PCI‑DSS or HIPAA face immediate pressure to deploy.

Several system administrators reported that their endpoint management platforms, including Microsoft Intune and third‑party tools like Tanium, are flagging devices as non‑compliant because the patch never completes. An Intune engineer shared on TechCommunity that they configured a proactive remediation script to check ESP free space and, if below 250 MB, to log a warning and defer the update. However, this merely postpones the issue.

A more robust workaround, used by a large financial services firm and later published in their public blog, involves virtualizing the EFI environment. They created a USB bootable Windows PE that temporarily mounts the ESP and applies the DBX update offline using Apply-SecureBootDBUpdate.ps1, a PowerShell script from Microsoft’s own Secure Boot DBX update package. This bypasses the online installer’s space checks but requires physical or out‑of‑band access to each machine.

User Reports Paint a Frustrating Picture

Community forums are awash with complaints. A thread on Microsoft Answers, titled “KB5089549 fails at 35% – error 0x800f0922 – Windows 11 Pro 24H2,” has amassed over 870 replies in two days. “I’ve tried the Windows Update troubleshooter, I’ve reset the update components, I’ve even done an in‑place upgrade—same error,” wrote user Alex_IT_PNW. “My C: drive has 200 GB free, but the ESP is at 98% capacity. Why doesn’t Microsoft check for this before pushing an update?”

On Reddit, u/sysadmin_mike posted a workaround using the open‑source tool Ventoy to resize the ESP from a bootable Linux USB stick, garnering mixed reactions. “Worked for my three test machines, but I’d never roll this out to production without a solid backup plan,” they commented. Another user, u/techmama2026, bemoaned the lack of clear communication: “My 70‑year‑old mom’s laptop keeps rebooting trying to install this. She’s scared to use her PC now. Microsoft needs to own this mistake.”

KB5089549 is far from an isolated incident. The default ESP size of 100 MB has been a ticking time bomb since Windows 11’s launch. In January 2024, KB5034441 failed with error 0x80070643 on machines with insufficient Recovery partition space, forcing Microsoft to issue manual resizing instructions and later an optional automated script. In March 2025, a Windows 11 24H2 preview update failed to install on some Dell and HP laptops because their OEM‑configured ESPs were 260 MB but already crowded with custom recovery tools and dual‑boot Linux entries. Each time, the echo from the community is the same: why does Windows Setup still create such a tiny partition?

Microsoft’s official documentation for OEMs recommends a minimum ESP size of 260 MB for Windows 11, but many devices shipped with older partitions cloned from Windows 10 installations. The company has been reluctant to automatically shrink the primary partition and enlarge the ESP, partly because resizing system partitions on‑line carries a small but real risk of data corruption, and partly because the Extensible Firmware Interface (EFI) specification prohibits Windows from modifying partitions that might be in use by other operating systems. However, industry insiders point to Apple’s seamless APFS partition resizing in macOS as evidence that such operations can be made safe and transparent.

What Microsoft Should Do Next

At minimum, Windows Update should perform a pre‑flight check of ESP free space before starting the download of KB5089549. The servicing stack already runs a compatibility scan for driver blocks and app compatibility; adding a disk space heuristic for critical partitions would prevent the frustrating failure loop. Microsoft could also follow the model of Server updates, which often include a separate “servicing stack update” that must be installed first. A pre‑update that dynamically enlarges the ESP to a safe threshold would solve the problem permanently for millions of machines.

For now, the burden falls on users and IT pros. If you’ve been impacted, the simplest path—assuming your ESP has no unallocated space after it—is to backup your data and use a third‑party partition tool from a bootable USB to shift the OS partition and extend the ESP to at least 1 GB. The popular free tools EaseUS Partition Master and MiniTool Partition Wizard both offer this capability in their bootable media. After resizing, you may need to run chkdsk on the C: drive due to the shift, but the update should then install normally.

Alternatively, postponing the update carries risk. The patched vulnerabilities are weaponized by at least two known ransomware affiliates, according to analysts at Mandiant. Organizations should weigh the operational risk of manual ESP resizing against the very real threat of exploitation.

Looking Forward

Microsoft’s sluggish response to a recurring, ecosystem‑wide flaw underscores a larger communication problem. Windows 11’s user base is diverse, ranging from tech‑savvy enthusiasts to casual users who have never heard of a “partition.” When a critical security update fails with an opaque hexadecimal code and no built‑in remediation, it erodes trust and leaves devices exposed. The company must prioritize creating a self‑healing partition management system—one that can safely borrow a few hundred megabytes from the Windows partition during update preparation, without user intervention.

In the meantime, the May 2026 Patch Tuesday will be remembered not for the vulnerabilities it closed, but for the ones it left open on countless unprotected PCs. If you haven’t yet, check your ESP free space (run mountvol S: /s in Command Prompt, then dir S: to see usage) and prepare for battle with KB5089549.