Microsoft has confirmed a widespread issue where PCs upgraded from certain older Windows versions to Windows 11 24H2 or 25H2 cannot install subsequent monthly cumulative updates. The updates fail with error codes 0x80073712 or 0x800f0993, leaving systems stuck in an update loop.

Affected devices trace back to in-place upgrades from Windows 10 21H2, Windows 10 22H2, or Windows 11 23H2. During the upgrade to 24H2 or 25H2, corruption quietly crept into the component servicing stack, specifically the Component-Based Servicing (CBS) store. That corruption blocks future cumulative updates from being processed. The result: every Patch Tuesday, affected machines attempt to install the latest security update, only to fail repeatedly.

The bug first surfaced in late 2024, shortly after the 24H2 rollout. Microsoft acknowledged the problem in its Windows health dashboard on December 15, 2024, and has since updated the advisory multiple times. The issue now also affects the Windows 11 25H2 update (build 26100.xxxx) that began rolling out to Insiders in early 2025.

What the error codes mean

Error 0x80073712 – ERROR_SXS_COMPONENT_STORE_CORRUPT – indicates that the Windows servicing store is inconsistent. The store keeps track of every installed component and update. When it gets corrupted, the system cannot validate or install new packages.

Error 0x800f0993 – CBS_E_UNEXPECTED – is a catch-all for servicing stack failures. It often appears side by side with 0x80073712 when Windows Update tries to deploy a cumulative update and encounters a corrupt manifest or missing catalog.

Both errors share a common root: damaged servicing stack files introduced during the OS uplift. Instead of a clean migration of the CBS store, some entries become orphaned or misregistered. Without these entries, the servicing engine cannot resolve dependencies for new updates.

Which Windows editions are vulnerable?

The problem only affects certain upgrade paths. If you installed Windows 11 24H2 or 25H2 from scratch—via a clean install or factory image—you are not affected. The bug specifically hits devices that performed an in-place upgrade, using either Windows Update or a media creation tool, from:

  • Windows 10 version 21H2 (any edition)
  • Windows 10 version 22H2 (any edition)
  • Windows 11 version 23H2 (any edition)

Not every device on these upgrade paths will encounter the bug. Microsoft hasn’t published exact percentages, but user reports on Reddit and the Microsoft Community forums suggest a significant minority—perhaps 10–15% of upgraded systems—are failing. Enterprise customers with hundreds of endpoints have also flagged the issue, indicating it’s not limited to consumer hardware.

Symptoms: more than just a failed update

When the cumulative update fails, Windows Update typically reports “Download error – 0x80073712” or “Install error – 0x800f0993.” The update history shows the same KB being offered again after a reboot.

Some users also encounter:
- Slow logins after an update attempt.
- The Windows Modules Installer (TrustedInstaller) consuming high CPU.
- Event Viewer logs full of CBS events (Source: Microsoft-Windows-Servicing, ID 4385, “CBS Failed to resolve package”).
- SFC (System File Checker) finding and “repairing” files that reappear broken after the next update.

The corruption can prevent not only cumulative updates but also standalone MSU packages from installing. IT admins using WSUS or Configuration Manager report that the same KBs fail regardless of deployment method.

Microsoft’s official word

In the Windows health dashboard entry (last updated February 28, 2025), Microsoft writes:

“Devices that upgraded from Windows 10, version 21H2 or 22H2, or from Windows 11, version 23H2, to Windows 11, version 24H2 or 25H2 might experience issues installing future monthly security updates. Affected updates fail with error 0x80073712 or 0x800f0993.”

The company says it is “working on a resolution” and will provide a fix in a future update. No timing is given. Until then, manual repair is the only option.

DIY fix: using DISM to clean up the component store

The most reliable workaround involves the Deployment Imaging Service and Management Tool (DISM). A standard RestoreHealth command can often repair the CBS store enough to let updates proceed. Here’s the step-by-step:

  1. Open an elevated Command Prompt (Run as Administrator).
  2. Run:
    DISM /Online /Cleanup-Image /RestoreHealth
    This checks the servicing store and replaces corrupted files with good copies from Windows Update or a local repair source.
  3. If the command fails with “The source files could not be found,” you can point DISM to an install.wim or a mounted ISO:
    a. Mount or extract a Windows 11 24H2/25H2 ISO.
    b. Note the path to the install.wim file (usually inside the Sources folder).
    c. Run:
    DISM /Online /Cleanup-Image /RestoreHealth /Source:WIM:X:\\Sources\\install.wim:1 /LimitAccess
    Replace X: with the actual drive letter.
  4. After DISM completes successfully, run SFC:
    sfc /scannow
    This verifies system files and corrects any lingering integrity violations.
  5. Reboot and attempt Windows Update again.

Many users find that DISM takes 30–60 minutes to complete and may appear stuck at 62.3%—this is normal. Wait it out.

Second-line fix: in-place upgrade repair

If DISM doesn’t clear the errors, an in-place upgrade repair (also called “repair upgrade”) rebuilds the servicing stack while preserving apps and data. This procedure effectively reinstalls Windows 11 without removing personal files.

  • Download the latest Windows 11 ISO from Microsoft’s official site.
  • Mount the ISO or extract it.
  • Run setup.exe.
  • On the “Get updates, drivers and optional features” screen, select “Download updates” to include the latest cumulative update in the repair.
  • Accept the license terms.
  • On the “Choose what to keep” page, ensure “Keep personal files and apps” is selected.
  • Proceed with the installation. The process takes about 45 minutes to two hours, depending on the hardware.

After the repair upgrade, the component store is rebuilt from scratch. Subsequent cumulative updates should install without issue. However, this method doesn’t always carry forward all per-user app settings for some Store applications, so users may need to reconfigure a few apps.

Clean install: the nuclear option

For users willing to start fresh, a clean installation eliminates the root cause entirely. Use the Windows 11 Installation Assistant or create a bootable USB with the Media Creation Tool. During setup, delete all existing partitions on the system drive (after backing up data) and install Windows 11 24H2 or 25H2 directly. This bypasses the corrupted upgrade path.

While a clean install is foolproof, it’s time-intensive and requires restoring files and reinstalling programs. Many users will prefer the in-place repair.

Why didn’t Windows roll back?

Windows typically detects corruption during feature updates and triggers a rollback. In this case, the damage occurs after the update is marked as successful. The migration of the CBS store happens in a post-upgrade phase that isn’t covered by the automatic rollback trigger. Microsoft’s engineering team is investigating why the CBS migration logic allowed partial corruption to persist.

What about removing recent updates?

Some forums suggest uninstalling the latest cumulative update to get back to a working state. That advice is counterproductive. The faulty cumulative update is not the cause; it simply fails because the underlying store is already broken. Uninstalling other updates won’t heal the component store and may introduce additional inconsistency.

Enterprise impact and workarounds

Organizations using deployment tools like ConfigMgr or Intune are hit hardest because the error prevents compliance with security update deadlines. Until Microsoft delivers a permanent fix, IT admins can:

  • Push the DISM repair script via Task Scheduler or remediation scripts.
  • Prepare an in-place upgrade task sequence that runs setup.exe with the /auto upgrade /quiet switches, picking up the latest ISO and cumulative update.
  • For zero-touch provisioning, switch to clean imaging for devices originally on the affected upgrade paths.

Microsoft has added detection logic to its “Windows Update for Business reports” that flags devices likely to encounter this problem. Admins can create a custom report to identify at-risk machines by checking the upgrade source version against the current build.

What if the fixes don't help?

A small number of users report that even after a successful DISM RestoreHealth and SFC scan, the next cumulative update still fails with the same error. In-depth analysis of CBS logs reveals that DISM cannot fully resolve certain orphaned package registrations. In these edge cases, the only reliable fix is an in-place repair upgrade. Microsoft Support has, in some instances, advised affected enterprise customers to perform an in-place upgrade as the recommended interim step.

Looking ahead

Microsoft has assigned the bug a tracking identifier and listed it as “mitigated externally” on the health dashboard—meaning users can fix it themselves. The company hasn’t shared a timeline for a servicing-side fix, but speculation points to a future servicing stack update (SSU) that will retroactively clean the CBS store during the next cumulative update installation.

For now, the onus is on users and administrators to run the DISM or in-place repair. The work is not trivial, but the upside is immediate: once cleaned, the device resumes normal update behavior and receives all security patches on schedule.

If you rely on Windows Update to keep your PC safe, don’t ignore these errors. A machine that can’t install the latest cumulative update is a machine that’s missing critical exploit mitigations. Set aside an hour, run the DISM commands, and get back on the patching rhythm.