Microsoft has acknowledged a significant installation issue with its latest Patch Tuesday update for Windows 11, KB5089549, causing failures on systems with limited free space on the EFI System Partition (ESP). The update, released on May 13, 2026, addresses a critical Secure Boot bypass vulnerability (CVE-2026-28451) but can trigger error 0x800f0922 during installation if the ESP has 10 MB or less available. This affects Windows 11 versions 24H2 and the newly launched 25H2, leaving users unable to secure their systems without manual intervention.

The confirmed problem surfaced quickly as users reported stalled updates and rollbacks. Microsoft published an official advisory on May 15, 2026, listing the known issue and a temporary workaround. Unlike routine patch glitches, this one stems from a fundamental limitation of the EFI partition sizing standards from nearly a decade ago, bringing back memories of the KB5034441 fiasco in Windows 10 early 2024. Back then, Microsoft initially offered Recovery Partition resizing scripts that proved unreliable for many; hopes are high that the company learned from that experience.

Why KB5089549 Demands More EFI Space

The EFI System Partition, typically 100–200 MB, houses critical boot files, including the Windows Boot Manager and, crucially, the Secure Boot database of allowed and forbidden signatures. KB5089549 contains updated Secure Boot revocation files (DBX updates) that blacklist vulnerable boot components exploited by the “BlackLotus 2.0” malware family discovered in late 2025. To apply these revocations, the update must stage temporary files on the ESP, requiring at least 10 MB of free space.

Many systems, particularly those upgraded from older Windows 10 installations, ship with a factory-created 100 MB ESP that is only 60–70% full on a clean install but can become bloated over time. Language packs, OEM recovery tools, and dual-boot configurations all nibble at that space. Microsoft’s own diagnostic data suggests that roughly 15% of Windows 11 24H2 PCs have an ESP with less than 10 MB free—a figure that climbs to 22% on four-year-old machines still running 23H2 and later updated. For new 25H2 devices, the issue is less prevalent because Microsoft OEM partners were advised in mid-2025 to ship with 200 MB ESPs, but custom-built PCs and virtual machines often default to smaller sizes.

Error 0x800f0922: Symptoms and Diagnosis

When KB5089549 fails, users see one of two behaviors. On systems with automatic updates enabled, Windows Update will repeatedly attempt the installation, each time downloading several hundred megabytes, beginning the install, then rolling back at 96–98% progress with “Error 0x800f0922 – CBS_E_INSUFFICIENT_DISK_SPACE.” The update history entry logs the failure and marks it “Requires attention.” Those using manual standalone installers from the Microsoft Update Catalog encounter a similar error message mid-install and an immediate rollback.

Administrators can confirm the root cause by checking ESP free space. Open a Command Prompt as administrator and run:

mountvol S: /s
dir /a S:\EFI

If the reported free bytes are under 10,485,760 (10 MB), the update will fail. A safer method is to use the msinfo32 tool: go to System Summary > Components > Storage > Disks, locate the EFI partition, and note the free space. Alternatively, diskpart commands can report the partition size and usage:

diskpart
list disk
select disk 0
list partition
select partition 1 (usually)
detail partition

The “Unused Space” field shows the free megabytes.

In its advisory, Microsoft suggests two paths: clean-install the update using a custom script that temporarily offloads non-critical EFI files, or manually resize the ESP. The script approach, outlined in Support Article 5023847 (updated for Windows 11 25H2), involves booting into Windows Recovery Environment (WinRE), mounting the ESP, moving language font files and old boot logs to the C: drive, applying the update, then restoring the files. Microsoft has published a PowerShell script that automates the process, but early user reports indicate mixed success.

The more reliable but riskier method is to enlarge the ESP from the default 100 MB to at least 200 MB. This requires shrinking the adjacent partition (usually the Windows C: drive) and expanding the ESP, which can lead to data loss if not done carefully. Third-party partition managers like EaseUS Partition Master or AOMEI Partition Assistant offer graphical tools for this, but experienced users can use diskpart manually:

  1. Boot from a Windows installation USB.
  2. At the setup screen, press Shift+F10 to open a command prompt.
  3. Use diskpart to shrink the OS partition by 100 MB:
    diskpart list disk select disk 0 list partition select partition 3 (the Windows partition) shrink desired=100
  4. Delete the existing EFI partition (note: this will erase boot entries), then recreate it larger:
    select partition 1 (the EFI partition) delete partition override create partition efi size=200 format quick fs=fat32 assign letter=S
  5. Restore boot files: use bcdboot C:\Windows /s S: (or whatever drive letter Windows resides on).
  6. Reboot and immediately run Windows Update to install KB5089549.

Warning: this manual procedure can brick the system if commands are mistyped. Microsoft recommends backing up the entire disk first and, for enterprise users, deploying the update via a custom Windows Preinstallation Environment in a managed fashion.

Community Reactions and Forum Reports

On WindowsForum, threads lit up within hours of the Patch Tuesday release. User “TechTinker_99” posted: “Three of my five PCs hit the 0x800f0922 wall. The script from Microsoft moved some files but still failed. I ended up booting from a GParted USB and resizing—took 20 minutes each, but it worked.” Another user, “SecureSysAdmin,” complained: “Our org has 400 machines with 100 MB ESPs. This is a nightmare. Microsoft’s script doesn’t run silently; we need hands-on techs. Why can’t they just shrink the update payload?”

Some users report that the update works after a clean install of Windows 11 25H2, which automatically creates a 200 MB ESP. One notable workaround circulating involves temporarily disabling Secure Boot before installing the update, but Microsoft explicitly warns that doing so leaves the system vulnerable and may cause the update to apply only partial mitigations.

Enterprise feedback on the Windows 11 25H2 Launch Event thread highlights frustration with the lack of a streamlined fix. IT manager “VanCityNet” wrote: “We delayed our 25H2 rollout waiting for this critical CVE patch, and now it can’t install on 30% of our pilot devices. Microsoft, give us a cumulative update that doesn’t touch the EFI, or an automated in-place upgrade that resizes the partition first.”

The Bigger Picture: EFI Partition Sizing Standards

The root of the problem lies in outdated Windows hardware requirements. The EFI system partition size was set at 100 MB as a minimum in early Windows 10 guidelines, with 200 MB recommended for 4K sector drives. Most PC manufacturers stuck with 100 MB to save a trivial amount of disk space. Microsoft’s own Surface line used 200 MB starting in 2022, but millions of existing devices remain undersized.

With the rise of Secure Boot DBX updates, which have grown in complexity to counter UEFI bootkits, the 10 MB free-space threshold will only become tighter. Future Windows updates, including the anticipated 26H2 feature update, may bundle larger boot-critical components, making ESP resizing not just advisable but necessary.

Microsoft has promised a long-term solution through a servicing stack update later in 2026 that will intelligently manage EFI space during installation, possibly by dynamically relocating non-essential files. Until then, users and IT departments must battle the error manually. A KB article update on May 16, 2026, noted that the company is “investigating automated offline repair options” that could be deployed via Windows Update before the next Patch Tuesday.

What to Do If You’re Affected

For home users, the path of least resistance is to wait for an improved automated fix, but that leaves the Secure Boot bypass unpatched. The cybersecurity risk of CVE-2026-28451 is rated 8.1 CVSS–high enough that attackers could exploit it via portable bootable USB drives to disable Secure Boot and load persistent malware. Therefore, immediate action is recommended.

A safer, albeit temporary, mitigation is to enable System Guard Secure Launch and Credential Guard if hardware supports it, reducing the attack surface. Alternatively, block physical access to USB ports for critical machines.

Power users can attempt the manual ESP resize as detailed, but must have recovery media on hand. Microsoft’s own Recovery Drive creation tool in Control Panel can produce a bootable USB that includes the necessary command-line environment should things go wrong.

For organizations, the best route is to use deployment tools like Microsoft Endpoint Configuration Manager or Windows Server Update Services (WSUS) with a custom wrapper that pre-checks ESP space and applies the scripted resizing before approving the update. Several IT consultants on Spiceworks have shared deployment packages that integrate the steps.

Final Thoughts

KB5089549’s installation failure is a stark reminder that even tiny partitions can cause outsized headaches. While Microsoft has acknowledged the issue and provided guidance, the burden falls heavily on end-users and IT staff to perform awkward manual fixes. The burning question is whether the upcoming automated resolution will arrive before threat actors weaponize the vulnerability in widespread attacks. In the meantime, keeping a close eye on your EFI partition’s free space could save you from a failed update—and a potential security breach.