Microsoft May security patch fails for some due to boot partition size glitch

At a glance:

• May 2026 Windows 11 update fails on devices with ≤10 MB free on the EFI System Partition (ESP).
• Installation stalls around 35‑36% during the reboot phase, leaving systems unpatched.
• Microsoft advises a registry tweak or expanding the ESP to ~1.5 GB; experts stress careful, staged rollout.

What happened

Microsoft’s May 2026 cumulative security update for Windows 11 is designed to deliver dozens of critical patches. In practice, a subset of machines encounter a hard stop during the reboot stage, roughly at 35‑36% progress. The failure is traced to insufficient free space on the EFI System Partition (ESP), typically 10 MB or less. When the installer reaches the point where it needs to write boot‑related files, it discovers the partition cannot accommodate the new data, aborts, and rolls back, leaving the system exposed to the vulnerabilities the update was meant to fix.

The problem was first disclosed in a Microsoft advisory that notes the update may appear to install correctly through the initial phases before failing at reboot. Affected devices report the generic message “Something didn’t go as planned. Undoing changes.” No explicit error code is provided, making automated detection difficult for IT teams that rely on standard update logs.

Why it matters

Security updates are a cornerstone of enterprise risk management. When a patch fails silently, organizations may assume they are protected while the underlying vulnerabilities remain exploitable. Cybersecurity consultant Brian Levine, executive director of FormerGov, warned that the incident erodes trust in the Windows Update pipeline itself, describing it as “a basic hygiene failure dressed up as a technical issue.” The failure highlights a broader challenge: mature operating systems still struggle with accurate pre‑flight validation of low‑level storage constraints.

For large enterprises, the impact multiplies. A single mis‑sized ESP on a handful of laptops can generate a cascade of help‑desk tickets, rollback cycles, and missed maintenance windows. David Neuman of Acceligence emphasizes that the issue turns into a “fleet hygiene problem” rather than an isolated incident, forcing IT departments to redesign health‑reporting metrics to include ESP free‑space checks.

Expert recommendations

Gartner senior director analyst Eric Grenier advises expanding the ESP to at least 1.5 GB. He notes that this size comfortably accommodates the update payload and also provides room for future Windows Recovery Environment updates. Grenier cautions that any registry‑based workaround—specifically modifying the HKLM\SYSTEM\Setup\LabConfig keys to force the install—should be tested on pilot devices and rolled out slowly, with full registry backups in place.

Ishraq Khan, CEO of coding‑productivity tool vendor Kodezi, places part of the blame on both Microsoft and IT teams. He argues that the Windows Update engine should have blocked the installation earlier, presenting a clear remediation message instead of proceeding to a reboot‑stage failure. Khan recommends that organizations bake larger ESPs into gold images for new deployments and treat partition resizing as a lifecycle engineering task rather than an ad‑hoc fix.

Mitigation steps for IT admins

1. Check ESP size – Use PowerShell (Get-Partition –DiskNumber X –PartitionNumber Y) to verify free space; any value under 10 MB is at risk.
2. Apply the registry fix – Set HKLM\SYSTEM\Setup\LabConfig\BypassSecureBootCheck to 1 and HKLM\SYSTEM\Setup\LabConfig\ForceUpdateFromAnyVersion to 1, then reboot and re‑run Windows Update.
3. Resize the ESP – If possible, use Disk Management or diskpart to extend the ESP to 1.5 GB, ensuring a backup of the partition first.
4. Pilot and phase – Deploy the fix to a small group of devices, monitor logs for the “undoing changes” message, and only then expand rollout.
5. Update health monitoring – Add ESP free‑space metrics to endpoint management dashboards and incorporate the check into baseline compliance policies.

By following these steps, organizations can reduce exposure while Microsoft prepares a future update that includes a more robust pre‑flight check for ESP capacity.

Looking ahead

Microsoft has not yet commented on the issue, but the advisory suggests a forthcoming patch will address the detection logic. In the meantime, the incident serves as a reminder that even well‑established platforms can suffer from edge‑case failures that have outsized operational impact. Enterprises are likely to revisit their patch‑management playbooks, emphasizing deeper hardware‑level validation and more granular telemetry to catch similar problems before they reach production.

The broader lesson extends beyond Windows: any operating system that relies on boot‑partition modifications must ensure accurate space accounting before committing to a reboot. As the industry pushes toward faster, more frequent updates, the balance between agility and reliability will remain a critical focus for both vendors and the organizations that depend on them.