Microsoft eases Windows 11 mandatory updates KB5089549

Microsoft released KB5089549 for Windows 11 on May 12 as the May 2026 cumulative security update for versions 24H2 and 25H2, according to its support documentation. The package carries OS builds 26100.8457 and 26200.8457 and includes both security fixes and non-security changes from the prior preview release. Microsoft’s own notes do not frame the update as a consumer-facing feature launch, but they do show the company adjusting how some security-related updates are targeted and deployed. Neowin highlighted that change on May 19, describing it as a step that reduces friction around mandatory updates. ### Where does KB5089549 fit in Microsoft’s normal update cycle? Microsoft says Windows 11 receives monthly cumulative security updates on the second Tuesday of each month, and KB5089549 is the May 2026 “B” release for Windows 11 versions 24H2 and 25H2. Because these releases are cumulative, devices that install KB5089549 also receive prior fixes included in earlier updates. (support.microsoft.com) The Microsoft Update Catalog lists KB5089549 packages for x64 and Arm64 systems on both Windows 11 24H2 and 25H2, all dated May 12, 2026. Microsoft’s support page says devices that already installed earlier updates will download only the new changes in this package. ### What changed inside this release that drew attention? Microsoft’s release notes say Windows quality updates now include “additional high confidence device targeting data,” which increases coverage of devices eligible to automatically receive new Secure Boot certificates. (learn.microsoft.com) The company says those certificates are delivered only after devices show “sufficient successful update signals,” which it describes as part of a controlled and phased rollout. (catalog.update.microsoft.com) The same support note says KB5089549 creates a new SecureBoot folder under `C:\Windows` on eligible devices. Microsoft says the folder contains example scripts that IT professionals can use to detect Secure Boot certificate update status and automate deployment in Active Directory environments. Neowin linked those changes to Microsoft’s broader effort to make crucial Windows 11 security updates easier to install when the company decides they are required. (support.microsoft.com) That characterization comes from Neowin’s reading of the release and related Windows rollout guidance, rather than from a direct Microsoft statement using that language. ### Is this only about Secure Boot, or were there other fixes too? Microsoft says KB5089549 also includes a boot manager servicing update intended to improve startup reliability after boot file updates. The company says the fix addresses a known issue in which some systems could enter BitLocker Recovery after boot files were updated on devices with certain Trusted Platform Module settings, including invalid PCR7 configurations. (neowin.net) The support note says that problem could occur after the April 2026 security update, KB5083769. Microsoft also lists a connectivity fix for Simple Service Discovery Protocol notifications and daylight saving time support for Egypt’s 2023 change. ### Did Microsoft acknowledge any problems with KB5089549? (support.microsoft.com) Microsoft’s Windows release health page says some devices failed to install the May 2026 security update with error code 0x800f0922. The company says the issue affected devices with limited free space on the EFI System Partition, especially systems with 10 MB or less available. Microsoft marked that issue as mitigated on May 15 at 14:30 Pacific time, according to the same release health entry. (support.microsoft.com) The page identifies KB5089549 and OS Build 26100.8457 as the originating update for that problem. ### Which Windows 11 users are most directly affected next? Microsoft’s release health documentation says Windows 11 version 25H2 is now the latest available version of Windows 11. (learn.microsoft.com) The company also says unmanaged Home and Pro devices running version 24H2 will receive the Windows 11 25H2 update automatically, while users can still choose restart timing or postpone the update. Microsoft lists October 13, 2026 as the end-of-updates date for Windows 11 24H2 Home and Pro editions, and its release information page shows KB5089549 as the latest May 2026 security update for both 24H2 and 25H2. Administrators tracking the rollout can follow the Windows release health dashboard and the KB5089549 support page for further revisions and known-issue updates. (learn.microsoft.com)