What Is Known Issue Rollback KIR Process to Fix Issue

Microsoft Known Issue Rollback a.k.a KIR feature that is designed as a tool to react to emerging bugs quickly that are introduced by updates, It has great capability that can enable you to quickly recover from regressions without the risks associated with rolling back critical security protections. A KIR policy definition has a limited lifespan (a few months, at most). After Microsoft releases a new update that disables the new code on affected devicesto resolve the issue, the rollback is no longer necessary.

By using this technology, if a Windows update causes a regression or other problem, you don’t have to uninstall the entire update and return the system to the last known good configuration. You roll back only the change that caused the problem. This rollback is temporary.

Fixes in monthly CUs are enabled by default, If a fix turns out to have a problem, Enterprises will be able to control this policy. Azure hosted services and Windows work in tandem to update this policy-setting on the device and disable the problematic fix.

KIRs apply to only nonsecurity updates. This is because rolling back a fix for a nonsecurity update doesn’t create a potential security vulnerability.

What is Known Issue Rollback?

Known Issue Rollback (KIR), a new capability that can quickly return an impacted device back to productive use if an issue arises during a Windows update. It was originally designed for user-mode processes, with the latest improvements over the last year to the OS kernel and the boot loader to support this capability in kernel mode. The Known Issue Rollback capability will only work for non-security Windows 10 updates.

Known Issue Rollback works at the code level that provides Windows developers keep the old code in place and add the required fix. If a fix needs to be reverted, It evaluates a policy to determine whether Windows should execute the old code path instead of the updated code that contains a fix. If the policy states that the fix is enabled, then the new code runs and if the policy says that the fix is disabled, then the OS falls back to the old code-path.

Supported Platforms

Known Issue Rollback work came together in a functionally complete system beginning in Windows 10, version 2004.

Windows Version

  • Windows 10, Version 20H2 or later
  • Windows 10, Version 2004
  • Windows 10 versions 1809 and 1909 have partial support


  • Client and Server Editions of Windows
  • Binary Code Changes Only
  • User and Kernal Mode Support
  • Non-security fixes only

Coming Soon

  • MDM
  • Support for Hypervisor and Windows Defender Application Guard (WDAG)
  • System Guard Processes

How Known Issue Rollback works for the end user

When there is a known issue with a bug fix in an update, Microsoft can made configuration changes in the cloud. If your device is connected to Windows Update or Windows Update for Business, you will be notified about this change and it takes effect with the next reboot.

According to Microsoft, While these devices would still require a reboot, in most cases we have identified and published a rollback before most end user devices would have had the chance to even install the update containing the issue. In other words, most end users will never see the regression!

End User Microsoft Managed Scenario - Known Issue Rollback 
 Known Issue Rollback: Helping you keep Windows devices protected and productive
Credit – Microsoft | End User Microsoft Managed Scenario

How Known Issue Rollback Works in the Enterprise

For a Know Issue Rollback, Microsoft publishes a specific Group Policy on the Download Center that can be used to configure and apply a rollback policy (rolling back the code in the latest cumulative update or LCU) within an enterprise. A link to the Group Policy is included in the Windows Update KB article and release notes as mitigations for a “Known Issue.”

Enterprise devices are typically behind a Network Address Translation (NAT) and a firewall, which means they tend to be part of an Active Directory forest and are often managed using Group Policy.

Similar to the end-user scenario, devices that have opted into providing Microsoft with diagnostic data and send specific information about which code-path is being exercised, this data from both the end-user and enterprise scenario helps Microsoft to learn how well the rollback is succeeding in the ecosystem.

Enterprise Rollback Scenario 
 Known Issue Rollback: Helping you keep Windows devices protected and productive
Credit – Microsoft | Enterprise Rollback Scenario

That’s all for this post, In upcoming post you will see how to configure Group Policy to use a KIR policy definition that activates a KIR on managed devices.


Leave a Comment