How to Use Known Issue Rollback to Fix Problems Caused by Windows Updates

Windows 10 Hero Good

The technology that underpins Known Issue Rollback first appeared in Windows 10 version 2004. Known Issue Rollback, or KIR for short, lets Microsoft and IT administrators quickly roll back non-security fixes that are causing functionality issues in Windows.

Known Issue Rollback is designed to help Microsoft and organizations keep Windows devices secure but make sure users remain productive. Because security and non-security fixes are bundled together in single monthly cumulative updates, KIR provides a way for Microsoft to disable problematic code in CUs without impacting security fixes or other non-security fixes in an update.

Known Issue Rollback for non-security bug fixes

KIR is a Windows servicing feature that lets Microsoft revert non-security fixes applied to Windows that might be impacting devices. Microsoft built KIR in response to customer feedback about Windows Update. In each monthly cumulative update (CU) that Microsoft releases for Windows, many of the included fixes support KIR. So, if a serious regression is discovered, instead of uninstalling a CU from Windows, KIR can be applied to effectively turn off the problematic code without affecting other improvements, fixes, and security updates in a CU.

Figure1 3
How to Fix Issues Caused by Windows Cumulative Updates using Known Issue Rollback (Image Credit: Microsoft)

KIR works at the code level. Windows developers keep the old code in place and add the required fix. If a fix needs to be reverted, KIR evaluates a policy to decide whether Windows should execute the old code path instead of the updated code that contains a fix or improved behavior. Fixes in monthly CUs are enabled by default. But Microsoft can change a policy setting, using Azure hosted services and Windows, to change the policy setting on a device and disable the fix, setting Windows to run the old code execution path.

Known Issue Rollback in practice

If Microsoft needs to revert of fix in an update because of reported problems, it makes a change in the cloud that is picked up by devices configured to use Windows Update or Windows Update for Business. The devices then apply the change at the next reboot and start executing the old code path. While the old code may also be problematic in some way, it is less likely to impact the device than the updated code pushed out in the latest CU for Windows.

Fix Windows Cumulative Updates
How to Fix Issues Caused by Windows Cumulative Updates using Known Issue Rollback (Image Credit: Microsoft)

The need to reboot before a fix is rolled back may seem problematic but Microsoft says that in most cases, the regression is detected, and the rollback is applied before the CU is installed. So, most users won’t need to reboot their systems or ever know that there was a problem with the CU. And additionally, the information collected from devices opted into providing diagnostic data allows Microsoft to see how well rollback is working across the ecosystem.

Managing Known Issue Rollback in the enterprise

Enterprises can manage KIR themselves. If Microsoft detects a regression in a CU that can be reverted using KIR, it publishes a Group Policy setting that is used to apply the rollback policy to devices managed by Windows Server Active Directory. If a Group Policy setting is available to roll back a fix, it is included in the Windows Update KB article and release notes as a mitigation for a known issue. Each Group Policy setting listed in a Windows Update KB article is unique to a specific issue.

KIR lifecycle is limited to a few months

KIR policy settings aren’t intended to be deployed long-term. Once Microsoft has addressed the problem in a CU it is reissued and the KIR policy setting, if enabled, can be removed from devices.

Which versions of Windows 10 support Known Issue Rollback?

Windows 10 version 2004, later versions of Windows 10, and Windows 11 support KIR. KIR was first designed to revert issues with user-mode processes. But newer versions of Windows support KIR rollback for the Windows kernel and boot loader, letting Microsoft revert fixes for kernel-mode processes.

Windows 10 versions 1809 and 1909 have limited support for KIR. Microsoft enables KIR rollback policy for Windows 10 versions 1809 and 1909 whenever possible.

Known Issue Rollback keeps you secure and productive

KIR goes some way to address concerns that IT departments have voiced since Microsoft started pushing out all fixes as a single monthly update. In the past, organizations were able to pick and choose which security fixes and non-security fixes they wanted to apply. But while a single monthly CU has some benefits, until the advent of KIR, if a fix caused a problem, in most cases all other security and non-security fixes needed to be removed from a system to fix a regression. Potentially leaving devices exposed to security threats.

Microsoft is planning to integrate KIR with Mobile Device Management (MDM) services, like Intune. And KIR will also soon support Hyper-V, Windows Defender Application Guard (WDAG), and System Guard processes.