Microsoft confirmed on May 15, 2026, that the May security update for Windows 11, KB5089549, is hitting an installation wall on devices running versions 24H2 and 25H2 when the EFI System Partition (ESP) lacks sufficient free space. The company did not immediately reissue the update but instead deployed a Known Issue Rollback (KIR) to neutralize the problematic code path, letting administrators and users breathe while the underlying installation logic gets a permanent fix.

For affected PCs, the update fails with a cryptic error during the installation process, often rolling back after a reboot. The root cause is a space check within the servicing stack that determines whether there is enough room to stage temporary files on the ESP—the small FAT32 partition that houses the Windows Boot Manager and other critical firmware files. On modern UEFI-based systems, the ESP is typically 100 MB, but a combination of multiple boot entries, recovery tools, and firmware updates can eat into that space over time.

What You Need to Know About the EFI System Partition

The EFI System Partition is a mandatory component on any UEFI-based PC. UEFI firmware reads this partition to locate the boot loader, which then hands off control to the operating system. By default, Windows creates a 100 MB ESP during setup, but that size hasn’t changed much since the Windows 8 era, even as boot configurations have grown more complex.

Over years of usage, a machine can accumulate multiple boot entries—from dual-boot setups, previous Windows versions, or manufacturer-specific recovery tools. Each entry consumes a small amount of space, but collectively they can shrink free space below the threshold required for update staging. When KB5089549 tries to write its payload, the servicing stack detects insufficient free bytes and aborts the installation.

The issue isn’t new. Similar EFI space shortages have plagued Windows updates in the past, most notably with the Windows 10 20H2 and 21H1 enablement packages, where Microsoft eventually released a dedicated cleanup tool. However, KB5089549 represents the first time the problem has surfaced for a single monthly security update on Windows 11, likely due to larger cumulative update packages or a new integrity verification method that demands more temporary working space.

Why KB5089549 Hits a Wall on Low EFI Space

KB5089549 is a mandatory security update that addresses multiple vulnerabilities in the Windows kernel, graphics components, and the Secure Boot chain. Its installer must mount the ESP to update boot-related files and validate cryptographic signatures, a process that involves copying files into a temporary staging area. If the ESP has less than roughly 50 MB of free space—the exact threshold isn’t publicly documented by Microsoft—the operation fails.

The failure is not silent for most users. Windows Update reports an installation error, often 0x800f0922 or 0x80070002, and the update history marks the attempt as “Failed to install.” IT admins see similar failures in Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager, with logs pointing to capacity errors during boot file staging.

After investigating reports on Feedback Hub and the Windows release health dashboard, Microsoft traced the problem to a logic flaw in the update’s space calculation routine. Rather than politely skipping the boot file update when space is tight, the installer hard-fails the entire transaction. That hard failure triggers the rollback of the entire cumulative update, leaving the system unpatched until the ESP is cleaned up.

Known Issue Rollback to the Rescue

Instead of pulling the update or rushing out a revised version, Microsoft activated a Known Issue Rollback—a mechanism introduced in Windows 10 version 20H1 and refined in Windows 11. KIR allows Microsoft to remotely disable specific code changes within an update without altering the binary files. Think of it as a kill switch for problematic features or fixes.

When Microsoft detects a widespread issue, it publishes a rollback policy through Windows Update. Devices that contact the update service receive a small policy file that instructs the servicing stack to ignore the designated code path. In this case, the rollback tells the installer to bypass the strict ESP free-space check, allowing the update to complete even if the partition is fuller than the original threshold. The security fixes are still applied; only the logic that triggers the failure is turned off.

The rollback is effective almost immediately for consumer devices, but managed environments may require up to 24 hours to receive the policy, depending on their update scanning cycle. Microsoft made the rollback available starting May 15, 2026, just 48 hours after the update’s initial release on Patch Tuesday.

How the Rollback Works in Practice

For typical home users and devices connected directly to Windows Update, no manual action is required. The rollback policy downloads silently in the background and is applied during the next update check. Once in place, retrying the KB5089549 installation should succeed. Users may need to manually click “Check for updates” or run the Windows Update troubleshooter to retrigger the installation.

Enterprise administrators who manage updates through WSUS or Microsoft Configuration Manager have a couple of options. They can either wait for the automatic policy propagation or pre-emptively configure the rollback via Group Policy. Microsoft provides a specific Group Policy setting under Computer Configuration > Administrative Templates > Known Issue Rollback. By enabling the policy and entering the zero-length string for the rollback identifier (the company typically publishes this identifier on the release health dashboard), admins can force the rollback immediately across their fleet.

It’s worth noting that the KIR is a temporary mitigation, not a permanent fix. Microsoft’s engineering team is currently developing a revised update package that will include a more tolerant space-check algorithm, expected to ship with the June 2026 cumulative update. At that point, the rollback will be automatically expired or superseded by the newer binaries.

What Users Can Do Right Now

If you’re stuck with a failed KB5089549 and can’t wait for the automatic rollback, there are a few immediate steps you can take.

Free up ESP space manually. This is the most direct solution. Open an elevated Command Prompt and run mountvol X: /S to assign a drive letter to the ESP. Then navigate to X:\EFI and look for duplicate or obsolete boot entries—folders named after old operating systems, for example. Be cautious: deleting the wrong folder can render the system unbootable. Focus on folders like Microsoft that contain old recovery files, but do not touch the Boot folder. After cleanup, unmount the partition with mountvol X: /D.

Use Disk Cleanup and third-party tools. The standard Disk Cleanup utility doesn’t touch the ESP, but the “Extended Disk Cleanup” option (cleanmgr /sageset:65535) sometimes reveals additional categories. More effectively, bootable USB tools like GParted or dedicated ESP cleaners can resize or clean the FAT32 partition without reinstalling Windows.

Resize the EFI partition. This is an advanced operation. Using a partition manager, you can shrink the C drive and expand the ESP. Microsoft’s own MBR2GPT tool historically suggested an ESP size of 100 MB, but some OEMs are now moving to 200 MB or even 300 MB to avoid future issues. A safe minimum for Windows 11 is 260 MB per Microsoft’s latest recommendations for BitLocker and update reliability.

Check for the rollback policy. You can verify whether the rollback is active by opening the Local Group Policy Editor and navigating to the Known Issue Rollback settings. If the policy is present and enabled, it should display the rollback identifier (usually a GUID). If missing, force a sync with gpupdate /force and restart.

Stay current on servicing stack updates. The servicing stack is a component that handles update installation. Occasionally, servicing stack updates include improvements to how updates interact with the ESP. Make sure you have the latest servicing stack update for your Windows version, as it may contain independent fixes that reduce the risk of such failures.

The Bigger Picture: EFI Space Management

The KB5089549 glitch underscores a long-standing pain point in Windows Update architecture: the tight coupling between cumulative updates and the EFI system partition. As boot security becomes more layered—with requirements like Secure Boot, Trusted Boot, and Measured Boot—the ESP’s role has expanded from a simple boot loader host to a critical staging area for cryptographic operations during updates.

Microsoft has been gradually hardening the ESP access model to comply with Secure Boot integrity standards. That hardening, however, introduces new constraints on space and file placement that older systems weren’t designed to meet. The result is a growing class of “update fails due to ESP” incidents that, while usually manageable, create confusion and support calls.

The Known Issue Rollback is a clever stopgap, but it doesn’t address the underlying problem of undersized ESPs. Many PCs sold in the Windows 10 era, and even some early Windows 11 devices, shipped with the bare-minimum 100 MB partition. Without proactive maintenance or manufacturer updates that reconfigure the partition layout, these machines will continue to encounter space-related failures with future updates.

Microsoft’s long-term solution appears to be a two-pronged approach: first, update the servicing stack to better handle low-space conditions and perhaps defer non-critical ESP writes; second, encourage OEMs to adopt larger ESPs for new hardware. The company’s latest IoT and enterprise Windows images already set the ESP to 260 MB, hinting that a broader recommendation or enforcement may come in future Windows 11 feature releases.

For users and administrators caught in the middle, the May 2026 incident is a reminder to audit EFI partition health regularly. Simple commands like diskpart and bcdedit can provide insight into current ESP usage and boot entries. A proactive cleanup not only smooths the update process but also reduces boot-related vulnerabilities that rely on outdated or duplicate boot managers.

In the meantime, the KB5089549 rollback should restore full functionality to impacted devices within a day. Microsoft has promised a permanent fix in the next cumulative update cycle, and the Windows release health dashboard will be updated with further details as they become available. Until then, the combination of the automatic rollback and the manual cleanup options offers a clear path back to a patched and secure Windows 11.