Microsoft’s latest cumulative update for Windows 11, KB5065426, should have been a routine Patch Tuesday instalment. Instead, it’s triggering a wave of installation failures, delivering cryptic error codes, and in some cases, killing file sharing on local networks. Released on September 9, 2025, the update bundles critical security fixes — including patches for two publicly disclosed zero-day exploits — with a servicing stack update (SSU) and quality improvements. But for a significant number of users, the package simply won’t land, and when it does, SMB connectivity often crumbles.

Reports are pouring in across Microsoft’s community forums, Feedback Hub, and tech outlets. Windows Latest, which first spotlighted the growing complaints, has received dozens of messages from readers — including seasoned system administrators — who say the update repeatedly rolls back or gets stuck in a download loop. “I’m getting ‘Install error – 0x800F0991’ no matter what I do,” one admin told the site. “And let me tell you that I’m an experienced Windows OS admin.” The list of error codes is unusually long: 0x800F0991, 0x800F0922, 0x80071A2D, 0x800F081F, 0x80070302, 0x80070306, 0x8000FFFF, and others. For some, the Windows Update page shows nothing but a generic “Download Error – 0x800700C1.” Others see the progress bar reach 60% on a manual install, then vanish with a terse “did not install” message.

And the headaches don’t stop at installation. After the update manages to install — or even if it doesn’t — users are reporting that file sharing over SMB breaks entirely. System error 86 credential failures, repeated login prompts that refuse correct passwords, and SMBv1 shares dropping offline are showing up in home offices and small businesses alike. “After KB5065426 installed on 09-11 my two HP laptops with Win11 failed to connect to each other on the home network,” one user told Microsoft’s Feedback Hub. “Before the update, file sharing worked perfectly. Now I cannot connect to any file shares set up before or after the update.”

What’s Inside KB5065426 — and Why It Stings

The September update is a combined SSU + LCU rollup for Windows 11 version 24H2 (OS Build 26100.6584). The SSU pairing is deliberate: it ensures that the servicing stack is updated before the cumulative fixes are applied, a practice Microsoft has employed for years to prevent certain update failures. But this coupling also means the SSU can’t be removed once installed, complicating rollback. The payload addresses multiple high-severity vulnerabilities, including two zero-days related to SMB and related components, and adds new SMB auditing features — for example, the ability to log client compatibility with SMB signing and Extended Protection for Authentication (EPA). These changes are meant to help admins harden networks, but they also expose brittle configurations that rely on legacy SMBv1 or NetBIOS over TCP (NetBT).

Microsoft also bundles updated AI component binaries for Copilot+ devices, which expands the package’s footprint. Several users noted that the download appears much larger than usual, with installs taking longer even on fast connections. While Microsoft has not given an official size, the inclusion of AI-related files likely adds hundreds of megabytes.

The update’s known issues list, published on the official KB page, is slim: it only calls out a problem with PowerShell Direct when host and guest VMs are out of sync with hotpatch state. That narrow advisory doesn’t prepare admins for the torrent of installation errors now making the rounds.

The Error Landscape — Multiple Codes, One Root?

Community diagnostics suggest no single culprit. Instead, the variety of error codes points to several concurrent failure modes. Here are the most frequent, along with what they usually signal:

  • 0x800F0991 – Often tied to missing dependencies or component store corruption. Users who see this typically find that DISM scans reveal repairable issues, but even after repair, the install fails.
  • 0x800F0922 – A classic flag for EFI system partition (ESP) space constraints on UEFI machines. If the ESP is too small or incorrectly formatted, the servicing stack can’t stage files.
  • 0x80071A2D and 0x80073712 – Component store errors that can arise from locked files or interrupted prior updates.
  • 0x800F081F – Often points to missing .NET Framework prerequisites or corrupted manifests. Several users fixed this by manually repairing .NET components.
  • 0x80070302 and 0x80070306 – Indicate that files needed by the installer are in use or locked, frequently by real-time antivirus or virtualization features like Windows Sandbox and Hyper-V.
  • 0x8000FFFF and 0x800700C1 – Generic catastrophic failures that can stem from corrupted update caches or third-party interference.

When the update fails, the system attempts to roll back. But because the SSU is permanent, the rollback is partial at best, which can leave devices in a limbo state — patched enough to confuse future updates, but not fully installed.

SMB and File Sharing — Hardening Turns Hostile

The spike in SMB issues is perhaps the update’s most disruptive side effect. Microsoft’s official statement, released after initial reports, confirms that the September updates “might cause connection failures to SMBv1 shares when using NetBIOS (NetBT) transport.” Even networks that don’t advertise SMBv1 can be affected if any device — an old NAS, a printer, a legacy appliance — still tries to negotiate the protocol. The new auditing features, while off by default, may also change authentication handshakes in subtle ways that trigger credential loops.

Affected users describe a familiar sequence: they enter valid credentials, Windows prompts again, and the connection ultimately fails with “System error 86.” In many cases, uninstalling KB5065426 restores file sharing instantly, confirming the update as the cause. However, since the SSU doesn’t roll back, some residual damage may persist even after removal.

What You Should Try First — A Safe, Stepwise Fix

Before reaching for nuclear options like in-place upgrades, follow this graduated troubleshooting checklist. Each step is reversible and narrows down the likely cause.

  1. Basic housekeeping: Reboot, then run the Windows Update Troubleshooter (Settings > System > Troubleshoot > Other troubleshooters). Reboot again and retry. It’s simple but has cleared transient glitches for many.
  2. Kill the third party: Temporarily disable any third-party antivirus, firewall, and VPN. Ensure you’re on a reliable, unfiltered network. These tools frequently block extraction of servicing stack files or interfere with trust checks.
  3. Repair component store: From an elevated command prompt, run:
    sfc /scannow DISM /Online /Cleanup-Image /RestoreHealth
    If DISM complains about missing sources, mount a Windows 11 24H2 ISO and use /Source to point it to the install.wim. This step resolves many 0x800F0991 and 0x800F081F errors.
  4. Suspend virtualization: Disable Windows Sandbox and Hyper-V (Control Panel > Turn Windows features on or off). Reboot and retry the update. After the update succeeds, re-enable them one at a time.
  5. Clear Windows Update cache: Stop the bits, wuauserv, and cryptsvc services. Rename C:\Windows\SoftwareDistribution to SoftwareDistribution.old and C:\Windows\System32\catroot2 to catroot2.old. Restart the services. This wipes any corrupted download metadata.
  6. Check EFI partition (if 0x800F0922 appears): Use Disk Management or diskpart to confirm the ESP exists, is formatted FAT32, and has at least 100–200 MB free. Resizing the ESP is risky — back up fully before attempting, and only do so if you’re comfortable with boot repair.
  7. Avoid wusa.exe for combined packages: Manually installing the .msu with wusa on a combined SSU+LCU can cause sequencing issues. Instead, use DISM to apply the package offline, or let Windows Update handle the chain.

When Normal Fixes Fail — The Media Creation Tool Lifeline

The single most reliable workaround reported in both the community and original testing is an in-place upgrade via the Media Creation Tool (MCT). The tool performs what amounts to a repair install: it reinstalls Windows, keeps your files and apps, and brings the system to the latest build — which includes KB5065426 and any missing dependencies.

To use it, download the MCT from Microsoft’s download portal, launch it, choose “Upgrade this PC now,” and select the option to keep personal files and apps. The process can take 30–90 minutes and requires a stable internet connection and sufficient free disk space. Several readers confirmed to Windows Latest that this method “patches other potential issues in the operating system” and let the September update install smoothly afterward. If the MCT doesn’t offer the keep-files option — sometimes due to version mismatches — switch to the Windows 11 Installation Assistant, which works similarly but with a guided wizard.

For users who only need temporary relief from SMB breakage, uninstalling KB5065426 through Settings > Windows Update > Update history > Uninstall updates will restore file sharing in most cases. Microsoft warns that this removes critical security fixes, so treat it as a stopgap. If you go this route, plan compensating controls: block SMB access at the firewall, enable stricter network segmentation, and monitor for exploitation attempts targeting the zero-days.

Enterprise and Business Implications

The breadth of failures this month is a sharp reminder why phased rollout rings exist. Organisations that pushed KB5065426 to all devices at once discovered identical machines failing in clusters — likely because cloned images shared the same latent ESP size constraints or .NET configurations. “I’ve never seen anything like this in 20 years,” a sysadmin told Windows Latest, echoing a sentiment found in several forum threads.

Larger environments should take these additional steps:

  • Collect telemetry before fixing: Grab C:\Windows\Logs\CBS\CBS.log, the output of Get-WindowsUpdateLog, and Event Viewer system logs. These artefacts will speed up any Microsoft support case.
  • Test the MCT workaround on a representative sample: In-place upgrades re-silver the entire OS, so verify that your line-of-business apps survive the process before scaling.
  • Audit SMBv1 usage immediately: If you still have devices forcing SMBv1, start planning their retirement or isolation. Microsoft’s hardening trend isn’t reversing.
  • Watch for Microsoft’s response: The company has previously issued “known issue rollback” fixes or refreshed cumulative updates to address widespread install problems. Monitor the Windows Release Health dashboard and the Microsoft Update Catalog for a follow-up package.

What’s Next?

KB5065426 isn’t unique in causing update turbulence, but the combination of installation errors and networking breakage has made it one of the more disruptive patches in recent memory. The underlying problem is structural: as Microsoft packs more security hardening and AI components into monthly rollups, the interaction surface with device-specific quirks grows. Until the servicing stack becomes more resilient to these edge cases, the onus is on users and IT teams to build robust pre‑patch testing and rollback processes.

For now, the Media Creation Tool in-place upgrade is the most consistent escape hatch. It’s not elegant, but it works. And if you’re one of the many staring at error 0x800F0991 after your third retry, elegance can wait.