Security update Archives

Winsage

May 20, 2026

Microsoft confirms Windows 11’s May 2026 update is failing to install with error 0x800f0922 and outlines a mitigation for affected PCs

Microsoft has acknowledged installation issues with the May 2026 Security Update for Windows 11, specifically error code 0x800f0922, affecting devices on versions 24H2 and 25H2 after installing update (KB5089549) released on May 12. The failures occur during the reboot phase, often around 35 percent, primarily on devices with 10MB or less free space in the EFI System Partition (ESP). For consumer and unmanaged business devices, Microsoft has implemented a Known Issue Rollback (KIR), and restarting the computer may resolve the issue. For managed devices, network administrators must manually deploy a Group Policy workaround. Microsoft suggests modifying a Registry value to decrease reserved padding in the EFI partition as a potential fix, along with restarting the computer and checking for updates. A permanent solution is planned for a future Windows update.

Winsage

May 20, 2026

How To Mitigate The Microsoft Windows BitLocker ‘Angry Hacker’ 0-Day

Microsoft is addressing a zero-day exploit known as YellowKey, identified as CVE-2026-45585, which allows attackers to bypass BitLocker security using a specially crafted USB device. Following the release of exploit code by a hacker named Chaotic Eclipse, Microsoft has issued urgent mitigation advice. Cybersecurity expert Neena Sharma recommends treating this as an active threat and suggests implementing compensating controls, such as restricting USB boot access, until a patch is available. Microsoft has provided guidance for users to protect their systems, including the recommendation to add a PIN to BitLocker protection to reduce the risk of exploitation. Detailed instructions for adding a PIN are included in the advisory. YellowKey has not yet been exploited in the wild but requires physical access to the device.

Winsage

May 19, 2026

Yet Another Windows Update Done In By The EFI System Partition

The EFI System Partition (ESP) is an important part of modern computing that users are generally advised to avoid tampering with. Insufficient space on the EFI partition can lead to ambiguous error messages during updates, particularly with Microsoft’s security updates. The EFI partition is typically mapped to drive Y:, but may also be assigned to Z: or other letters. In some cases, such as transitioning from Windows 10 to Windows 11, users may need to access the EFI partition, where one solution involves removing TrueType Font (TTF) files under EFIMicrosoftBootFonts. However, caution is advised when handling the EFI partition, as mistakes can prevent the operating system from booting.

Winsage

May 19, 2026

Windows Still Vulnerable Despite Microsoft Patch

A vulnerability known as "MiniPlasma," identified as CVE-2020-17103 by Google Project Zero, allows attackers to gain system privileges by exploiting a flaw in the cloud filter driver cldflt.sys. Despite Microsoft's announcement of a fix, independent tests, including simulations on fully patched systems, have confirmed that the exploit remains effective. Security researcher "Chaotic Eclipse" has reported that the vulnerability still operates, while another researcher, Nightmare Eclipse, aims to highlight flaws in Microsoft's security policies. There are indications that a newer insider version of Windows 11 may have resolved the issue, and Microsoft is investigating the matter.

Winsage

May 19, 2026

Microsoft confirms patching issues in restricted Windows networks

Microsoft has issued a service alert indicating that customers in restricted network environments may encounter Windows Update failures, specifically error code 0x80010002, after installing the January 2026 optional non-security preview updates. Affected devices might download the February monthly Windows security update but could struggle with updates released in March and beyond due to changes in download timeout requirements. Microsoft is working on a resolution, and IT administrators can use Known Issue Rollback (KIR) as a workaround by configuring the appropriate Group Policy for their Windows version. A device restart is required to apply these settings. Historical issues include a bug fixed in April 2025 affecting WSUS installations and another issue resolved in August 2025 related to the Windows 11 24H2 cumulative update. Additionally, a KIR fix was provided for a known issue causing the May 2026 Windows 11 security update to fail with error code 0x800f0922.

Winsage

May 18, 2026

Windows boot partition runs out of space for Microsoft’s May security update

Microsoft has acknowledged a potential issue with its May 2026 security update, which may fail to install properly due to insufficient space in the EFI System Partition (ESP). If the available space in the ESP drops below 10 MB, users may encounter a 0x800f0922 error code, leading to installation failures during the reboot phase. This issue affects Windows 11 versions 25H2 and 24H2. Microsoft has proposed two solutions: a registry edit or a Known Issue Rollback (KIR), which has already propagated to consumer and non-managed business devices. The update addresses several critical Microsoft CVEs, although there have been no reports of active exploitation.

Winsage

May 18, 2026

Microsoft confirms Windows 11 security update install issues

Microsoft has acknowledged a significant issue with the May 2026 Windows 11 security update, KB5089549, where users are encountering difficulties in installation, specifically the 0x800f0922 error code. This issue is primarily due to insufficient free space on the EFI System Partition (ESP), especially for devices with 10 MB or less available. The installation may fail during the reboot phase at around 35–36% completion, with users receiving notifications like "Something didn't go as planned. Undoing changes." Log entries may indicate insufficient ESP free space, such as "SpaceCheck: Insufficient free space" and "ServicingBootFiles failed. Error = 0x70." Microsoft recommends affected users utilize the Known Issue Rollback feature to reverse problematic updates and advises IT departments to install and configure the relevant Group Policy to address the issue.

Winsage

May 18, 2026

Microsoft Changes ‘Most Windows Devices’ In June—Update Yours Now

Microsoft has alerted users that Secure Boot certificates will begin to expire in June, affecting most Windows devices. Users must update these certificates to avoid disruptions, as failing to install the latest Windows update could prevent devices from booting securely. A "one-time restart" will be required after the update to load new certificates. If the update is not installed by June 1, users may see a red stop icon in the Windows Security app. The update issued on May 12 was modified on May 15 to warn that it might fail to install. Microsoft indicates that most users will need to restart their PCs, although this may revert the update. The latest updates will expand the number of devices eligible for new Secure Boot certificates, but users are uncertain about how many PCs will be affected due to a phased rollout approach.

Winsage

May 15, 2026

Microsoft fixes a major BitLocker bug… but leaves Windows 10 users hanging (for now)

Microsoft confirmed a BitLocker-related issue caused by the April 2026 Security Update (KB5083769) for Windows 11, which led some devices to boot into the BitLocker recovery screen. A fix has been released, but it is currently available only for Windows 11, version 25H2, with Windows 10 and Windows Server users awaiting a solution. Administrators are advised to remove the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy setting before installing the April 2026 update. Additionally, a security researcher named Chaotic Eclipse has developed a zero-day exploit called YellowKey, which can bypass BitLocker security using a USB stick, affecting Windows Server 2022 and 2025 but not Windows 10.

Winsage

May 14, 2026

‘Avoid Disruption’—Microsoft Updates Windows Before June Deadline

Microsoft has released a security update for Windows 10 users, identified as KB5087544, which includes dynamic status reporting for Secure Boot states. Secure Boot certificates, in place for 15 years, are set to expire next month, and Microsoft advises users to update their certificates to avoid security risks. All Windows 10 PCs will require new certificates, but only those in the Extended Security Updates (ESU) program will be eligible for the update. Most Windows 11 devices will also need new certificates, except those purchased in the last two years. Failure to install the new certificates may affect device boot security. The update also addresses a security warning related to Remote Desktop Connection and may prompt some users to enter a BitLocker recovery key after restarting. New certificates will only be issued to devices that show successful update signals, and users should upgrade their Windows Security App to address potential issues. Notifications will be sent once new Secure Boot certificates are installed.