699eee792235758e12e070c1
Microsoft confirms patching issues in restricted Windows networks
Microsoft confirms a Windows Update issue in restricted networks (air‑gapped or tightly firewalled) after January 2026 optional non‑security previews. Affected devices may download the February 2026 security update but then cannot download March and later updates, displaying error 0x80010002. The problem stems from changed download timeout behavior and does not affect update installation. Microsoft recommends a workaround using Known Issue Rollback (KIR) via Group Policy, with specific KB rollbacks for Windows 11 26H1 and for Windows 11 24H2/25H2 and Windows Server 2025, plus a restart to apply the policy and guidance on deployment.
Microsoft confirms patching issues in restricted Windows networks
OverviewIn restricted network environments, including air-gapped or tightly firewalled systems, Windows Update may fail to fetch new updates after installation of January 2026 optional non-security preview updates. Affected devices can still download updates from February 2026, but may be unable to retrieve March, April, or later updates through the Windows Update page. Microsoft characterizes this as a download timeout behavior introduced by recent changes in how download operations are started, and notes that it does not impact the device’s ability to install updates once they are downloaded.
Affected Environments
- Fully isolated or air-gapped networks
- Firewalled or tightly restricted corporate networks
- Systems managing updates exclusively through Windows Update settings
Symptom Details
- Error code seen: 0x80010002 during Windows Update operations
- February 2026 monthly security updates may be downloaded
- Inability to use Windows Update settings to fetch March, April, or later updates
Root Cause
- The issue stems from changes in download timeout requirements at the start of update downloads
- It is a download-related problem, not an issue with device integrity or the installation process itself
- Impacts only the ability to download updates from the internet via Windows Update
Mitigation and WorkaroundsKnown Issue Rollback (KIR)
- Microsoft recommends using Known Issue Rollback (KIR) to reverse buggy updates delivered via Windows Update
- Two KIR packages are available for this issue:
- Windows 11 26H1 KB5083806 Known Issue Rollback
- Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5083631 Known Issue Rollback
- Deployment notes:
- Download the appropriate MSI package for your Windows version
- Install the MSI to add the rollback capability
- Configure the Group Policy corresponding to your Windows version to enable KIR
- Restart affected devices to apply the policy
- For deployment guidance, consult Microsoft’s support documentation on deploying Known Issue Rollback and the Group Policy settings involved
Additional Guidance
- After applying KIR and restarting, systems should regain the ability to receive subsequent Windows Updates without being blocked by the prior faulty update state
- The KIR approach is designed to be a targeted fix that reverses the problematic update behavior without impacting other security or feature updates
Historical Context: Related Update Issues and Fixes
- April 2025: Microsoft released a fix for a 0x80240069 error that blocked enterprise customers from applying the April 2025 security updates, particularly when installed via Windows Server Update Services (WSUS)
- August 2025: A nearly identical 0x80240069 issue resurfaced for the Windows 11 24H2 cumulative update delivered via WSUS, which was subsequently addressed
- May 2026: Microsoft disclosed a fix for a known issue affecting the May 2026 Windows 11 security update (KB5089549), which could fail to install on some systems and trigger 0x800f0922 errors
Notes on Validation and Testing
- In enterprise environments, it is common to rely on WSUS or other management tools to stage updates
- When applying KIR, IT administrators should validate that the rollback does not interfere with other update workflows and that the normal update cadence resumes after a restart
Promotions and Related Guides
- The Validation Gap: Automated pentesting answers one question. You need six.
- This guide highlights six surfaces to validate beyond merely proving that an attacker can move laterally through a network
- Download and review the guide to understand broader security control effectiveness beyond initial breach attempts
- Download Now
Closing contextMicrosoft continues to monitor Windows Update reliability across diverse deployment scenarios and provides rollback mechanisms to help administrators recover from known update issues without broad system remediation. As networks vary from fully offline to highly segmented, these targeted rollback and policy-based approaches remain central to maintaining update hygiene while minimizing disruption to critical operations.
