update failures Archives

Winsage

June 1, 2026

Microsoft confirms Windows 11 update is failing on some PCs, explains if you need a workaround

Microsoft has identified the root cause of installation issues related to the May 2026 update for Windows operating system and is rolling out a solution through an optional update, KB5089573. The May 12, 2026, Patch Tuesday update (KB5089549) introduced enhancements but many users faced installation failures due to error code “0x800f0922,” indicating insufficient space on the EFI System Partition (ESP). The ESP is critical for boot files and typically occupies around 256MB. Users can check ESP storage using a specific command. Low ESP space can lead to update failures, particularly when it drops below 10MB. Microsoft has rolled back problematic code and provided a fix in the optional update KB5089573, which resolves ESP space issues and ensures future updates will proceed smoothly. Users are encouraged to install this update or wait for the next scheduled Patch Tuesday update on June 9, 2026.

Winsage

May 28, 2026

Your Windows PC has a security deadline in June 2026

A Secure Boot certificate refresh is being deployed across supported Windows devices via Windows Update. The Secure Boot certificates from 2011 will begin to expire in June 2026, prompting Microsoft to introduce new 2023-dated certificates to maintain security. Most users will require minimal action if their PCs are updated, but older devices may face challenges. The current certificates include: - Microsoft Corporation KEK CA 2011: expires June 24, 2026 - Microsoft UEFI CA 2011: expires June 27, 2026 - Microsoft Windows Production PCA 2011: expires October 19, 2026 The new certificates will remain valid until 2038, with plans for post-quantum cryptography around 2030. While PCs using the 2011 certificates will continue to function, they will lose access to new security protections, making them vulnerable to emerging threats. A notable example of such a threat is the BlackLotus bootkit, which exploited vulnerabilities to bypass Secure Boot. Microsoft's rollout strategy involves a staged update process that typically takes around 48 hours and may require restarts. Users are advised to keep Windows updated and check their Secure Boot status. Known issues may arise for older PCs, systems that bypassed Windows 11 requirements, Legacy BIOS systems, and custom firmware configurations. IT teams managing devices should inventory their systems, monitor specific event IDs, test updates, and document devices that cannot be updated.

Winsage

May 26, 2026

Microsoft: Domain Controller lookup may fail on Windows Server 2016

Microsoft has acknowledged an issue affecting Windows Server 2016 systems related to domain controller lookups after the installation of the KB5087537 security update released in May 2026. The problem occurs specifically for devices with hostnames that are exactly 15 characters long, causing domain controller discovery to fail and resulting in an ERRORINVALIDPARAMETER during DCLocator calls. This issue may disrupt administrative operations that depend on domain controller lookups, such as DFS Namespace management. Microsoft is investigating the issue but has not provided a timeline for resolution.

Winsage

May 21, 2026

Microsoft Defender Zero-Day Vulnerabilities RedSun and UnDefend Actively Exploited on Windows 10, 11, and Server (April 2026 CVE Analysis)

In April 2026, two zero-day vulnerabilities, RedSun and UnDefend, were discovered in Microsoft Defender, affecting Windows 10, Windows 11, and Windows Server platforms. These vulnerabilities allow attackers to escalate privileges to SYSTEM and bypass Defender’s protections. RedSun exploits a flaw in Defender's remediation process, enabling low-privileged users to overwrite critical system files. UnDefend allows attackers to disrupt Defender’s updates, keeping it outdated and ineffective. Both vulnerabilities are actively being exploited, with attackers leveraging them to gain persistent access and deploy ransomware. The primary targets are organizations using Windows systems with Defender enabled, particularly in sectors like finance, healthcare, and government. Mitigation strategies include applying updates for related vulnerabilities, monitoring for suspicious activities, and implementing additional security measures.

Winsage

May 19, 2026

Microsoft confirms patching issues in restricted Windows networks

Microsoft has issued a service alert indicating that customers in restricted network environments may encounter Windows Update failures, specifically error code 0x80010002, after installing the January 2026 optional non-security preview updates. Affected devices might download the February monthly Windows security update but could struggle with updates released in March and beyond due to changes in download timeout requirements. Microsoft is working on a resolution, and IT administrators can use Known Issue Rollback (KIR) as a workaround by configuring the appropriate Group Policy for their Windows version. A device restart is required to apply these settings. Historical issues include a bug fixed in April 2025 affecting WSUS installations and another issue resolved in August 2025 related to the Windows 11 24H2 cumulative update. Additionally, a KIR fix was provided for a known issue causing the May 2026 Windows 11 security update to fail with error code 0x800f0922.

Winsage

May 5, 2026

April 2026 Windows Update Breaks Third-Party Backup Software by Blocking Vulnerable Driver

Microsoft will include the psmounterex.sys driver in its Vulnerable Driver Blocklist in the April 2026 security update, affecting third-party backup applications that use this driver for image mounting and Volume Shadow Copy Service (VSS) snapshots. This decision addresses CVE-2023-43896, a critical buffer overflow vulnerability. Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup on Windows 11, Windows 10, and Windows Server platforms. Users may face issues during image-mount operations, receiving error messages related to VSS timeouts and Code Integrity errors in the Event Viewer. To check if a system is affected, users can look for Event ID 3077 in the Code Integrity Operational log. Microsoft recommends upgrading to newer versions of backup applications that do not use blocked drivers and advises against uninstalling or delaying the April update. Additionally, the update may cause certain Windows Server 2025 devices to boot into BitLocker recovery mode and has led to out-of-band updates for Windows Server update failures and restart loops on domain controllers.

Winsage

April 24, 2026

Your Windows update experience just got updated

Windows Insiders are receiving enhancements to the Windows Update experience based on user feedback, focusing on providing more control and reducing disruptions. Key features include: 1. The ability to skip updates during the out-of-box experience (OOBE). 2. Extended options for pausing updates for up to 35 days, with the ability to re-pause as needed. 3. Separation of power actions from update actions, allowing users to shut down or restart without triggering updates. 4. Enhanced insights on available updates, including device class information for driver updates. Additionally, the update process will be unified to minimize reboots, with a single restart expected per month for most users. Updates will download in the background and can be manually initiated by users. Improvements also focus on reducing update times and implementing automatic recovery measures for update failures.

Winsage

March 19, 2026

AI Fatigue: Microsoft Pulls Back on Putting Microsoft Copilot Everywhere in Windows 11

Microsoft has decided to abandon plans to integrate Copilot more deeply into Windows 11 following user complaints. Features that would have introduced AI-driven notifications and enhancements are no longer being pursued. The company acknowledged user pain points and is shifting focus towards core stability fixes scheduled for 2026. Additionally, the launch of Windows Recall in 2024 faced privacy issues, leading to a revised version that includes data encryption and user authentication. Microsoft has also allowed administrators on Pro and Enterprise systems to uninstall the Copilot app under certain conditions, reflecting a response to user feedback and past update failures.

Winsage

February 1, 2026

Microsoft confirms that a stack of bad Windows updates is causing boot issues

Windows 11 is facing significant issues following the January Patch Tuesday, particularly with boot failures on commercial devices. These problems are linked to both the January update and a flawed December update, leading to a "UNMOUNTABLEBOOTVOLUME" Blue Screen of Death (BSOD) error. Microsoft has indicated that devices that did not successfully install the December security update are left in an improper state, which can prevent booting when subsequent updates are attempted. While Microsoft is working on a partial solution to prevent further installations that could cause boot failures, this fix will not resolve issues for devices already affected. The company is investigating the causes of these update failures and their consequences.

Winsage

November 19, 2025

Microsoft’s new recovery tools rebuild Windows when it glitches

Microsoft has announced two new tools for enhancing Windows PC recovery capabilities within organizations: point-in-time restore and cloud rebuild. Point-in-time restore allows users to revert their system to a previous state by taking snapshots of the Windows environment at various intervals, facilitating recovery from issues like update failures and driver conflicts. This feature will be available for testing by Windows insiders in an upcoming build. Cloud rebuild enables IT administrators to restore the operating system directly from the cloud, similar to the existing Reset feature. Administrators can select the Windows version and language through the Microsoft Intune portal, prompting the PC to download the necessary installation media. This tool resets Windows while allowing for the restoration of personal files, applications, and settings using OneDrive and Windows Backup for Organizations. Both tools are designed for businesses using Microsoft Intune and are expected to be integrated into Intune in the first half of 2026 as part of Microsoft's Windows Resiliency Initiative. Additionally, Microsoft is introducing Quick Machine Recovery (QMR) to address boot-up problems and enhance Windows driver resilience.