Windows Security Update

Winsage
June 1, 2026
Microsoft resolved an issue causing installation failures and error code 0x800f0922 during the deployment of the May 2026 Windows 11 security update (KB5089549), which was linked to insufficient free space on the EFI System Partition (ESP). The problem mainly affected devices with 10 MB or less available space, leading to automatic rollbacks of the update. The resolution was provided through the release of the Windows 11 KB5089573 preview cumulative update on May 26, 2026. Users installing updates released on or after this date will not need a workaround, while those with earlier updates can use the Known Issue Rollback feature. Additionally, IT administrators in enterprise settings can manually address the issue through Group Policy configurations. The KB5089573 update introduced 30 changes to improve performance and reliability.
Winsage
May 19, 2026
Microsoft has issued a service alert indicating that customers in restricted network environments may encounter Windows Update failures, specifically error code 0x80010002, after installing the January 2026 optional non-security preview updates. Affected devices might download the February monthly Windows security update but could struggle with updates released in March and beyond due to changes in download timeout requirements. Microsoft is working on a resolution, and IT administrators can use Known Issue Rollback (KIR) as a workaround by configuring the appropriate Group Policy for their Windows version. A device restart is required to apply these settings. Historical issues include a bug fixed in April 2025 affecting WSUS installations and another issue resolved in August 2025 related to the Windows 11 24H2 cumulative update. Additionally, a KIR fix was provided for a known issue causing the May 2026 Windows 11 security update to fail with error code 0x800f0922.
Winsage
May 13, 2026
Microsoft has released the Windows 10 KB5087544 extended security update, which addresses vulnerabilities identified during the May 2026 Patch Tuesday and resolves issues related to Remote Desktop warnings. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via Settings under Windows Update. The update upgrades Windows 10 to build 19045.7291 and Windows 10 Enterprise LTSC 2021 to build 19044.7291. The update focuses on security enhancements and bug fixes, addressing 120 vulnerabilities. Key fixes include resolving incorrect Remote Desktop security warning dialogs in multi-monitor setups, introducing dynamic status reporting for Secure Boot, and adjusting Daylight Savings Time for Egypt. A known issue may require users to input their BitLocker recovery key after installation, affecting systems with specific BitLocker Group Policy configurations. Microsoft suggests removing the affected Group Policy setting and suspending and resuming BitLocker as a temporary solution.
Winsage
May 10, 2026
Microsoft's April 2026 Windows security update, KB5083769, may disrupt image-mount operations for backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup due to the addition of the psmounterex.sys kernel driver to its Vulnerable Driver Blocklist. This action was taken to address a high-severity buffer overflow vulnerability, CVE-2023-43896. The inclusion of this driver in the blocklist has rendered several backup products inoperable, and Microsoft will not retract the block for security reasons. Administrators can use Event ID 3077 in the Code Integrity log to confirm that the blocklist is causing the failures. Microsoft advises updating backup applications to versions that include necessary driver protections instead of uninstalling or pausing the security patch. Additionally, the April updates have caused other issues, such as failures in Windows Server installations and devices booting into BitLocker recovery mode.
Winsage
May 6, 2026
Beginning in May 2026, Microsoft will introduce Hotpatching as a default feature for compatible systems, allowing security updates to be applied without requiring a restart. Hotpatching updates code directly in the memory of running processes, enabling selective updates without interrupting the entire system. It does not replace monthly security updates but alters their activation process on eligible systems, categorized as security updates within the monthly B releases. Eligible systems must be running Windows 11 version 24H2 or newer and possess suitable licenses such as Enterprise, Education, Microsoft 365, or Windows 365. Management of these updates will be facilitated through Windows Autopatch or Microsoft Intune. Microsoft will continue to utilize baseline updates that require a restart, which will alternate with Hotpatch months. Hotpatching aims to reduce the frequency of restarts tied to security updates, particularly benefiting environments where uptime is critical. However, planned restarts will still be necessary, and robust telemetry and maintenance practices will be needed to ensure smooth operation.
Winsage
April 21, 2026
Microsoft has released an out-of-band update to fix a restart loop issue affecting certain Windows Server devices after the April 2026 update. The problem arose after installing the April 2026 Windows security update (KB5082063), causing domain controllers in multi-domain environments using Privileged Access Management (PAM) to experience LSASS crashes during startup, leading to repeated restarts and potential domain outages. The update targets Windows Server versions 2016 through 2025 and includes hotpatches for failed installations. Only Windows Servers were affected, while some enterprise devices may need to enter their BitLocker recovery key after the first restart post-installation. Microsoft has issued similar updates recently, raising concerns about the frequency of these occurrences.
Winsage
April 16, 2026
Microsoft announced that certain Windows Server 2025 devices may experience a BitLocker recovery prompt after installing the April 2026 KB5082063 Windows security update. The recovery mode will be triggered under specific conditions: BitLocker must be enabled on the operating system drive, the Group Policy for TPM validation must be configured with PCR7, the Secure Boot State PCR7 Binding must indicate "Not Possible," the Windows UEFI CA 2023 certificate must be in the Secure Boot Signature Database, and the device must not be using the 2023-signed Windows Boot Manager. Microsoft stated that this issue is unlikely to affect personal devices, as the configurations are mainly found in enterprise-managed systems. They are working on a resolution and recommend administrators remove the Group Policy configuration before deploying the update. If removal is not possible, applying a Known Issue Rollback (KIR) is advised to prevent triggering the recovery prompt. Microsoft has previously addressed similar BitLocker recovery prompt issues in May 2025, August 2024, and August 2022.
Winsage
March 23, 2026
Microsoft released an out-of-band update to address bugs from the March 2026 security update, which caused some users to receive a "no internet" error when signing into Microsoft applications, despite having a stable connection. Users utilizing Microsoft Entra ID were not affected by this issue. Prior to the fix, Microsoft advised users to restart their devices and maintain a stable internet connection. The new update includes all elements from the March 10 security update and specifically resolves the connectivity issue. Windows chief Pavan Davuluri has committed to improving reliability and stability in the operating system, emphasizing thorough testing of updates before release.
Search