Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET!
Windows 10

How to Use Known Issue Rollback to Fix Problems Caused by Windows Updates

The technology that underpins Known Issue Rollback first appeared in Windows 10 version 2004. Known Issue Rollback, or KIR for short, lets Microsoft and IT administrators quickly roll back non-security fixes that are causing functionality issues in Windows.

Known Issue Rollback is designed to help Microsoft and organizations keep Windows devices secure but make sure users remain productive. Because security and non-security fixes are bundled together in single monthly cumulative updates, KIR provides a way for Microsoft to disable problematic code in CUs without impacting security fixes or other non-security fixes in an update.

Known Issue Rollback for non-security bug fixes

KIR is a Windows servicing feature that lets Microsoft revert non-security fixes applied to Windows that might be impacting devices. Microsoft built KIR in response to customer feedback about Windows Update. In each monthly cumulative update (CU) that Microsoft releases for Windows, many of the included fixes support KIR. So, if a serious regression is discovered, instead of uninstalling a CU from Windows, KIR can be applied to effectively turn off the problematic code without affecting other improvements, fixes, and security updates in a CU.

How to Fix Issues Caused by Windows Cumulative Updates using Known Issue Rollback (Image Credit: Microsoft)

KIR works at the code level. Windows developers keep the old code in place and add the required fix. If a fix needs to be reverted, KIR evaluates a policy to decide whether Windows should execute the old code path instead of the updated code that contains a fix or improved behavior. Fixes in monthly CUs are enabled by default. But Microsoft can change a policy setting, using Azure hosted services and Windows, to change the policy setting on a device and disable the fix, setting Windows to run the old code execution path.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

Known Issue Rollback in practice

If Microsoft needs to revert of fix in an update because of reported problems, it makes a change in the cloud that is picked up by devices configured to use Windows Update or Windows Update for Business. The devices then apply the change at the next reboot and start executing the old code path. While the old code may also be problematic in some way, it is less likely to impact the device than the updated code pushed out in the latest CU for Windows.

Fix Windows Cumulative Updates
How to Fix Issues Caused by Windows Cumulative Updates using Known Issue Rollback (Image Credit: Microsoft)

The need to reboot before a fix is rolled back may seem problematic but Microsoft says that in most cases, the regression is detected, and the rollback is applied before the CU is installed. So, most users won’t need to reboot their systems or ever know that there was a problem with the CU. And additionally, the information collected from devices opted into providing diagnostic data allows Microsoft to see how well rollback is working across the ecosystem.

Managing Known Issue Rollback in the enterprise

Enterprises can manage KIR themselves. If Microsoft detects a regression in a CU that can be reverted using KIR, it publishes a Group Policy setting that is used to apply the rollback policy to devices managed by Windows Server Active Directory. If a Group Policy setting is available to roll back a fix, it is included in the Windows Update KB article and release notes as a mitigation for a known issue. Each Group Policy setting listed in a Windows Update KB article is unique to a specific issue.

KIR lifecycle is limited to a few months

KIR policy settings aren’t intended to be deployed long-term. Once Microsoft has addressed the problem in a CU it is reissued and the KIR policy setting, if enabled, can be removed from devices.

Which versions of Windows 10 support Known Issue Rollback?

Windows 10 version 2004, later versions of Windows 10, and Windows 11 support KIR. KIR was first designed to revert issues with user-mode processes. But newer versions of Windows support KIR rollback for the Windows kernel and boot loader, letting Microsoft revert fixes for kernel-mode processes.

Windows 10 versions 1809 and 1909 have limited support for KIR. Microsoft enables KIR rollback policy for Windows 10 versions 1809 and 1909 whenever possible.

Known Issue Rollback keeps you secure and productive

KIR goes some way to address concerns that IT departments have voiced since Microsoft started pushing out all fixes as a single monthly update. In the past, organizations were able to pick and choose which security fixes and non-security fixes they wanted to apply. But while a single monthly CU has some benefits, until the advent of KIR, if a fix caused a problem, in most cases all other security and non-security fixes needed to be removed from a system to fix a regression. Potentially leaving devices exposed to security threats.

Microsoft is planning to integrate KIR with Mobile Device Management (MDM) services, like Intune. And KIR will also soon support Hyper-V, Windows Defender Application Guard (WDAG), and System Guard processes.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.


Sponsored By