Microsoft's Patch Tuesday rollout for May 12, 2026, took an unexpected turn as the cumulative update KB5089549 for Windows 11 versions 24H2 and 25H2 began triggering installation failures and system rollbacks within hours of release. The update, intended to advance OS builds to 26100.8457 and 26200.8457 respectively, now sits at the center of a growing storm of user complaints centered on failed installations, spontaneous restarts, and in many cases, a noticeable degradation in network performance.

What was supposed to be a routine security and quality update has morphed into yet another cautionary tale about the perils of early adoption, even for patches delivered through official channels. Early indicators point to a significant subset of users encountering the same issue: the update downloads, attempts to install, reaches varying percentages of completion, and then rolls back with little more than a cryptic error code and a renewed sense of frustration.

What's Inside KB5089549?

KB5089549 is a standard cumulative update that bundles security fixes, reliability improvements, and feature enhancements for Windows 11 24H2 and 25H2. While Microsoft had not published an extensive changelog at the time of this writing, the build increments—from 26100.x and 26200.x to 26100.8457 and 26200.8457—suggest the inclusion of several weeks' worth of patches developed since the April rollup. Industry insiders anticipated the usual mix of kernel-level security mitigations, networking stack updates, and perhaps the closure of several zero-day vulnerabilities that had been flagged in the preceding month.

For enterprises, the update also carried the promise of resolving a lingering memory leak in the Windows Defender Application Guard, along with fixes for credential providers that had caused intermittent authentication delays. Home users, on the other hand, stood to gain improvements to Bluetooth audio stability and a patch for a vexing File Explorer crash that could occur when dragging files across virtual desktops.

None of that matters, of course, if the update won't install.

Installation Failures and the Dreaded Rollback

Within two hours of the 10 a.m. PT publication, reports began flooding social media and community forums. Users described a nearly identical sequence: the update would download normally via Windows Update, proceed through the "Installing – 30%" phase, stall briefly at "75%", and then trigger a system restart. Upon reboot, they'd see a message stating "We couldn't complete the updates. Undoing changes." The system would then roll back to the previous build, leaving no visible trace of KB5089549 in the update history—except for the failed attempt.

The most common error code associated with the failure is 0x800f0922, which broadly indicates a transaction failure inside the Component-Based Servicing (CBS) stack. This particular error often points to insufficient space in the system reserved partition or corruption in the TrustedInstaller service, but the sheer volume of identical reports across diverse hardware configurations suggests a deeper compatibility issue within the update package itself.

On Microsoft's Community forums, a thread titled "KB5089549 fails every time, rolls back at 75%" amassed over 200 replies by late afternoon, with affected users sharing detailed diagnostic logs. One user with a Dell XPS 15 running build 26100.8230 noted that even after running DISM and SFC scans, the update would still abort. Another, on a custom-built Ryzen 9 machine with 24H2, reported that the rollback corrupted their existing Bluetooth drivers, forcing a manual reinstall.

Enterprise administrators on Reddit's r/sysadmin weighed in, too. Several testing rings in corporate environments saw failure rates exceeding 40% on pilot machines, prompting an immediate hold on the deployment. One admin wrote, "We've paused the update via WSUS until further notice. We can't afford to have half our endpoints in a reboot loop during business hours."

The Network Slowness Connection

Even more troubling is a secondary pattern that has emerged from the first wave of reports: for those few systems that did manage to install KB5089549 successfully, a subset is now exhibiting significant network performance degradation. Symptoms include sharply reduced throughput on both wired and wireless connections, latency spikes in the range of 200–400ms, and DNS resolution delays that make basic web browsing feel sluggish.

On a ThinkPad T14s that completed the update without issue, the owner ran a before-and-after speed test. Pre-update, the laptop consistently pulled 940 Mbps down and 42 Mbps up over a 2.5 Gbps Ethernet link. Post-update, the same test maxed out at 320 Mbps down and saw uploads crater to 4.8 Mbps. Wi-Fi 6E performance on that machine dropped from 1.2 Gbps to just under 400 Mbps, with a noticeable increase in jitter during Teams calls.

Analysis of Event Viewer logs on affected machines points to repeated entries from the NDIS (Network Driver Interface Specification) subsystem. These logs show error 0xD0000006, "The network adapter encountered an internal error," occurring every 15 to 30 minutes. That error is typically associated with a driver stack mismatch or a faulty networking component within the kernel. Given that KB5089549 updates several core networking .sys files—including ndis.sys, tcpip.sys, and netio.sys—it's plausible that a regression in one of these system files is behind the performance hit.

Windows Forum contributor "NetEngr2026" posted a detailed trace route comparison that illustrates the problem vividly. To the same public DNS server, hop-by-hop latency was up to three times higher after the update, with the greatest delays introduced at the first hop—right at the local interface. That points squarely at the operating system's network stack rather than any external infrastructure.

What's the Root Cause?

At this stage, without official word from Microsoft, the exact cause remains speculative, but the evidence points in two complementary directions.

First, the installation failure and rollback loop likely stem from a servicing stack inconsistency. The update may be making an erroneous assumption about the state of the Secure Boot policy or the TPM 2.0 configuration, which are mandatory for Windows 11. A mismatch there would cause the transaction to fail during the staging phase—exactly the 75% mark where many users see the crash. This theory is bolstered by reports that some systems with TPM attestation disabled via group policy are able to install the update, only to then experience the networking issues.

Second, the network slowdown appears to be a classic case of a faulty driver or kernel component that passes through the build process without proper validation. The ndis.sys file version that ships with KB5089549—10.0.26100.8457—shows a timestamp only two days before the public release, suggesting a last-minute patch that may not have undergone the usual Insider testing rings. If that driver carries an incorrect interrupt moderation setting or an off-by-one buffer alignment error, the result would be exactly the kind of poor throughput and hardware errors logged in Event Viewer.

User Reactions and Workarounds

Across the Windows enthusiast community, the mood has swung from disappointment to weary resignation. "Here we go again" was a common refrain on the Windows News forums, where veterans of the infamous October 2024 PrinterGate update recalled a similarly rocky rollout.

In the absence of an official fix, affected users have been sharing a few stopgap measures. For those stuck in the rollback loop, the most reliable workaround so far is to pause updates entirely—navigating to Settings > Windows Update and hitting the "Pause for 1 week" button, then repeating as needed. Some users report that running the Windows Update Troubleshooter, followed by a manual installation using the Microsoft Update Catalog .msu file, has yielded success on a second attempt, but the success rate is low.

For the network slowness, a handful of testers on the Windows Insider subreddit have found that uninstalling the update—via Settings > Windows Update > Update history > Uninstall updates—restores full bandwidth. This confirms that KB5089549's changes are directly responsible. However, uninstalling a security update is never advisable for long, as it leaves the system exposed to patched vulnerabilities.

Enterprise administrators have taken a more formal approach, using Group Policy to defer the update for 60 days and, in some cases, blocking it outright via Microsoft Endpoint Manager. Several third-party patch management tools have also added flags to hold KB5089549 pending further investigation.

What Microsoft Needs to Do

As of now, Microsoft has not publicly acknowledged the issues, though internal telemetry likely paints a stark picture. The company's standard playbook for such scenarios involves a quick investigation, a temporary hold on the update via Known Issue Rollback (KIR), and the issuance of an out-of-band (OOB) fix within a few days. But the scale of this problem—spanning two major Windows 11 versions and affecting both consumers and enterprises—may demand a faster response.

In the best-case scenario, the root cause is a single flawed file that can be replaced via a small delta patch, delivered through Windows Update without requiring a full build upgrade. That would allow the hundreds of thousands of systems still stuck on the previous build to move forward without a complete reinstallation. A worst-case scenario would involve a servicing stack corruption so deep that it requires the Windows Update agent itself to be replaced—a process that historically takes much longer.

For the network issue, a targeted microcode update or a corrected ndis.sys file could be delivered as a standalone driver update through Windows Update. That would preserve the security fixes from KB5089549 while resolving the performance regression.

Lessons for Windows Users

The KB5089549 debacle is a stark reminder that even the most mature software distribution pipelines are not immune to errors. For everyday users, the immediate takeaway is to exercise caution with Patch Tuesday updates, especially on hardware that is mission-critical. Delaying updates by a few days—what many call the "wait to see" approach—can spare you hours of troubleshooting.

For businesses, robust patch testing on a representative sample of devices before broad deployment is no longer optional; it's table stakes. The posts from enterprise admins who caught the issue in their test rings before it hit production serve as a model for responsible update management.

In the coming days, all eyes will be on Microsoft's Windows health dashboard. The question is not if a fix will arrive, but how soon—and whether it will fully restore the trust that has once again been shaken by a flawed mandatory update.