Microsoft has quietly released a fix for a Windows 11 bug that knocked out some of the operating system’s most heavily used applications — but there’s a catch. The patch won’t arrive on your machine through normal update channels. You have to go get it yourself.
The problem traces back to KB5058405, a security update Microsoft pushed to Windows 11 version 24H2 on May 13 as part of its regular Patch Tuesday cycle. Within days, reports surfaced that the update was breaking Microsoft Edge, OneDrive, the Widgets panel, and the Copilot app. Users found these applications either failing to launch entirely or crashing shortly after opening. For an update that was supposed to shore up security, it introduced a particularly disruptive set of side effects, as first reported by TechRadar.
The root cause? A conflict with a specific security feature. Microsoft identified that the update was interfering with the Control Flow Guard (CFG) exploit protection mechanism. CFG is designed to prevent certain classes of memory corruption attacks by restricting where code can execute. When KB5058405 collided with CFG’s enforcement, applications relying on certain rendering frameworks — particularly those built on WebView2, the Chromium-based component Microsoft uses across Edge and several other first-party apps — simply stopped working.
That’s a significant blast radius. Edge is still the default browser on hundreds of millions of Windows PCs. OneDrive handles file synchronization for consumers and enterprise users alike. Widgets, while less mission-critical, represent Microsoft’s ongoing push to embed AI-powered information surfaces directly into Windows. And Copilot, the company’s flagship AI assistant, has been positioned as central to the future of the platform. All of them broken by a single security patch.
Microsoft acknowledged the issue in its Windows release health documentation. The company confirmed that applications “which use the WebView2 runtime might experience issues” after installing the May 13 update. But rather than rushing out a standard cumulative fix through Windows Update, Microsoft opted to release the remedy as a Known Issue Rollback, or KIR.
KIR is a mechanism Microsoft introduced several years ago to address exactly this kind of scenario — a non-security update or side effect that needs to be reversed without pulling back the entire patch. The system works by toggling off the specific change that caused the problem while leaving the rest of the update intact. It’s a scalpel rather than a sledgehammer.
Here’s where it gets complicated for most users. KIR fixes do propagate automatically — eventually. Microsoft says the rollback can take up to 24 hours to reach consumer and unmanaged devices through background policy refreshes. But for IT administrators managing fleets of enterprise machines through Group Policy, the fix requires manual intervention. And even on consumer machines, the timeline isn’t guaranteed.
For those unwilling to wait, there’s a manual path. Users need to navigate to the Windows Update settings, check for updates, and install any available optional or out-of-band patches. Microsoft has also published a specific Group Policy configuration that enterprise admins can deploy to force the rollback immediately. The policy is tied to the Known Issue Rollback entry for KB5058405 and can be pushed through the Group Policy Management Console or Intune.
The situation highlights a recurring tension in Microsoft’s update strategy. The company has spent years consolidating Windows updates into a single monthly cadence, arguing that predictability reduces risk. But when a Patch Tuesday release itself becomes the source of breakage, the response mechanism can feel sluggish — especially when the affected applications are Microsoft’s own.
This isn’t the first time a Windows 11 24H2 update has caused headaches. The version has had a rocky rollout since its release in late 2024, with multiple updates triggering compatibility problems with third-party software, audio drivers, and even blue screen crashes. Microsoft temporarily blocked 24H2 from being offered to certain hardware configurations last year after discovering issues with specific SSD controllers and Intel audio drivers.
The pattern has drawn criticism from IT professionals who manage large Windows deployments. Enterprise administrators are forced into an uncomfortable position: delay security updates and risk exposure to known vulnerabilities, or deploy them promptly and risk operational disruptions like the one caused by KB5058405. Neither option is great.
Microsoft’s use of KIR as a remediation tool does show the company has invested in faster rollback capabilities. A few years ago, the only recourse would have been to uninstall the entire update — a process that could itself introduce instability. The ability to surgically reverse a single change within a cumulative update is a genuine improvement. But it doesn’t eliminate the frustration of the initial breakage, particularly when the affected software is tightly integrated into the operating system.
Some context on the scale of impact. WebView2 isn’t just used by Microsoft’s own applications. Third-party developers increasingly rely on it to embed web content in desktop apps. That means the CFG conflict introduced by KB5058405 may have affected a broader range of software than Microsoft has publicly acknowledged. Any application using WebView2 on an affected system could theoretically have experienced the same crashes or launch failures.
Microsoft hasn’t disclosed how many users were affected, and the company didn’t respond to requests for additional comment beyond its release health documentation. The KIR fix was listed without fanfare — no blog post, no prominent notification in Windows Update. Just a quiet entry in the known issues list.
For users still experiencing problems, the immediate steps are straightforward. Open Settings, go to Windows Update, and check for available updates. If a KIR-related update or optional patch appears, install it and restart the machine. Enterprise admins should consult Microsoft’s published Group Policy templates for the specific rollback configuration. Restarting the device after applying the policy is required for the change to take effect.
And if you haven’t installed KB5058405 yet? Microsoft hasn’t pulled the update from Windows Update. It’s still being offered as a required security patch. The company’s position appears to be that the security fixes contained in the update are important enough to warrant continued distribution, with the KIR mechanism serving as the cleanup crew for the collateral damage.
That calculus makes sense from a security standpoint. But it puts the burden on end users and IT teams to identify and resolve a problem that Microsoft’s own testing should have caught before release. The fact that the bug specifically broke Microsoft Edge — the company’s own browser, running on its own operating system, updated through its own infrastructure — is a particularly unflattering look.
So where does this leave Windows 11 users? In the short term, the fix is available and effective. In the longer term, incidents like this continue to erode confidence in the reliability of Microsoft’s update pipeline. The company has made real progress with mechanisms like KIR and the broader Windows Update for Business framework. But progress on rollback doesn’t mean much if the updates themselves keep breaking things. The goal should be fewer fires, not just faster fire trucks.
WebProNews is an iEntry Publication