HomeIntelligenceBrief
BREACH BRIEF🟡 Medium Advisory

Windows 11 May 2026 Update (KB5089549) Fails on Devices with ≤10 MB EFI Partition Space

Microsoft has verified that the May 2026 Windows 11 cumulative update aborts on systems with limited EFI System Partition space, triggering rollback errors. The issue can leave enterprise fleets unpatched and disrupt scheduled maintenance, making it a critical TPRM concern.

LiveThreat™ Intelligence · 📅 May 18, 2026· 📰 bleepingcomputer.com
🟡
Severity
Medium
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
bleepingcomputer.com

Windows 11 May 2026 Security Update (KB5089549) Fails to Install on Devices with Limited EFI Partition Space

What Happened — Microsoft confirmed that the May 2026 cumulative update KB5089549 for Windows 11 aborts on systems where the EFI System Partition (ESP) has 10 MB or less free space, returning 0x800f0922 errors and automatically rolling back at ~35 % progress.

Why It Matters for TPRM

  • Update failures can leave endpoints unpatched, exposing them to known CVEs until remediation.
  • Enterprise‑managed fleets may experience widespread service disruption during scheduled maintenance windows.
  • Mis‑sized ESP partitions are a configuration risk that can be inherited from OEM images or third‑party imaging tools.

Who Is Affected — All industries that deploy Windows 11 on desktops/laptops, with particular impact on enterprise IT environments, MSPs, and OEM‑partner devices.

Recommended Actions

  • Deploy Microsoft’s “Known Issue Rollback” feature or the referenced Group Policy to halt the faulty update.
  • Verify ESP free space > 10 MB on all managed devices; enlarge the partition where needed.
  • Adjust imaging and provisioning scripts to allocate sufficient ESP capacity for future updates.
  • Monitor Windows Update logs for 0x800f0922 errors and confirm successful remediation.

Technical Notes — The failure is triggered by a misconfiguration (insufficient free space on the EFI System Partition). No exploit or malicious code is involved, but the rollback leaves systems vulnerable to any security issues addressed by the update. Error messages include “SpaceCheck: Insufficient free space” and “ServicingBootFiles failed. Error = 0x70”. Microsoft recommends applying a specific Group Policy to temporarily disable the change causing the issue while a permanent fix is prepared. Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-kb5089549-windows-11-security-update-install-issues/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →