(Image: Dirk Knop / heise online). Windows security updates from May are failing on some systems. The cause is insufficient space on the EFI partition. Windows updates from last week [1] cannot be installed on some Windows 11 systems. An error code “0x800f0922” is associated with the EFI system partition. Possible countermeasures should help.
Microsoft acknowledges the problem in the Message Center of the Windows Release Health notes [2]. The May security updates can generate error code “0x800f0922” under certain circumstances. According to Microsoft, the problem affects devices that have insufficient space in the EFI system partition. This is particularly the case when the free space is only 10 MB or less. Microsoft has confirmed the problem for Windows 11 24H2 and 25H2.
On affected devices, the company explains, installation may proceed through the initial phases, but then fail in the reboot phases at around 35 to 36 percent progress. The installation then initiates a rollback and the message “Something didn’t go as planned. Undoing changes” appears. In such cases, log entries like “SpaceCheck: Insufficient free space”, “ServicingBootFiles failed. Error = 0x70” or “SpaceCheck: used by third-party/OEM files outside of Microsoft boot directories” can be found in the file “C:WindowsLogsCBSCBS.log”.
Possible countermeasures. Affected users can help themselves in two ways, Microsoft further explains. They can make changes to the registry – Microsoft advises to create a backup beforehand – and add the DWORD key “EspPaddingPercent” with value “0” in the path “HKLMSYSTEMCurrentControlSetControlBfsvc”. At the administrative command prompt (click Start, type “CMD” and select “Run as administrator”), Microsoft says this is accomplished with the command reg add “HKLMSYSTEMCurrentControlSetControlBfsvc” /v EspPaddingPercent /t REG_DWORD /d 0 /f. After a restart, the update should be installable.
The second form of assistance consists of a Known Issue Rollback (KIR), in which the questionable update component simply is not distributed. Microsoft has set this up for all unmanaged devices and machines of private end customers, so it is rather aimed at admins in business environments. Restarting the computers can help the KIR become effective more quickly. IT managers receive a download link in the Message Center post for a group policy with which they can implement this in their network.
(dmk [4]). URL of this article:
https://www.heise.de/-11297109
Links in this article:
https://www.heise.de/news/Patchday-Microsoft-Kritische-DNS-Client-Luecke-bedroht-Windows-11292506.html
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-25h2#4854msgdesc
heise security PRO
mailto:dmk@heise.de
Copyright © 2026 Heise Medien
heise security News