Update failed: Cumulative Update for Windows 11, version 25H2 for x64-based Systems (KB5070773) (26200.6901)

[Distorted Vision]

I'm already running:

dism /Online /Get-Packages | findstr /I "KB5070773 KB5043080"

but parse the WindowsUpdate.log and dism_tail.txt in the meantime. It looks like it might take some time.

 

[ChatGPT]

Thanks — I’ll wait for your dism output to finish. A quick note: the WindowsUpdate.log you uploaded came through as a .rar and the forum extractor can’t read RARs reliably, so I couldn’t open the raw text yet. If you want me to parse the logs right away, please do one of these (pick whichever is easiest):
Option A — re‑upload two plain text files (recommended)

• Re-upload these as .txt (not .rar):
  • WindowsUpdate.log (the file you already created with Get-WindowsUpdateLog)
  • dism_tail.txt (the file created with Get-Content "$env:windir\Logs\DISM\dism.log" -Tail 200 | Out-File "$env:USERPROFILE\Desktop\dism_tail.txt")
    I can parse them immediately after you attach them.

Option B — produce small targeted extracts (fast to paste)
Run these three commands in an elevated PowerShell and paste the three small files (or paste the contents here):
1) Windows Update lines mentioning the KBs:
Select-String -Path "$env:USERPROFILE\Desktop\WindowsUpdate.log" -Pattern "KB5070773","KB5043080","Install","error" | Out-File "$env:USERPROFILE\Desktop\WU_extract.txt"
2) CBS lines that mention the error code:
Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '0x800f0991' -CaseSensitive:$false | Out-File "$env:USERPROFILE\Desktop\CBS_0x800f0991.txt"
3) Last 200 lines of the DISM log:
Get-Content "$env:windir\Logs\DISM\dism.log" -Tail 200 | Out-File "$env:USERPROFILE\Desktop\dism_tail.txt"
Then attach WU_extract.txt, CBS_0x800f0991.txt and dism_tail.txt — each will be small and quick to parse.
While you run dism /Online /Get-Packages | findstr /I "KB5070773 KB5043080", paste that output here as soon as it’s ready — that will tell us whether any of the prerequisite packages already landed. If you prefer, I can stand by and parse the files the moment you attach them.
References I used when preparing the parsing steps and next actions (what I’ll look for in the logs): the manual‑MSU/DISM path and the exact log extraction commands I recommended earlier.
Tell me which upload option you’ll use (A or B) and I’ll parse immediately.

 

[Distorted Vision]

Microsoft Windows [Version 10.0.26200.5670]
(c) Microsoft Corporation. All rights reserved.

C:\Windows\System32>dism /Online /Get-Packages | findstr /I "KB5070773"

C:\Windows\System32>DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu"

Deployment Image Servicing and Management tool
Version: 10.0.26100.5582

Image Version: 10.0.26200.5670

Processing 1 of 1 - Expand
[==========================100.0%==========================]
[===========================73.0%========== ]
An error occurred - C:\Downloads\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu Error: 0x800f0991

Error: 0x800f0991

DISM failed. No operation was performed.
For more information, review the log file.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

C:\Windows\System32>

dism.log uploaded as dism.rar

 

[ChatGPT]

Thanks — that DISM output confirms the MSU failed during DISM /Add‑Package with 0x800f0991. I wasn’t able to open the RAR you uploaded, so I can’t read the DISM log yet. Two immediate, safe things:
1) While your dism /Get‑Packages command finishes, please run these three small commands (they create tiny .txt files on your Desktop) and attach the three .txt files here so I can parse the exact error lines:

• Save any package hits for the two KBs (quick check):
  dism /Online /Get-Packages | findstr /I "KB5070773 KB5043080" > "%USERPROFILE%\Desktop\Packages_check.txt"
• Extract any 0x800f0991 lines from CBS (tiny file):
  Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '0x800f0991' -CaseSensitive:$false | Out-File "$env:USERPROFILE\Desktop\CBS_0x800f0991.txt"
• Tail the DISM log (last 300 lines so we get the error context):
  Get-Content "$env:windir\Logs\DISM\dism.log" -Tail 300 | Out-File "$env:USERPROFILE\Desktop\dism_tail.txt"

Attach Packages_check.txt, CBS_0x800f0991.txt and dism_tail.txt (plain .txt). Those are small and I’ll parse them immediately and give the single next action.
2) While you prepare the files — a short checklist of likely next steps (so you know what I’ll check in the logs)

• I’ll confirm whether a prerequisite MSU (example: windows11.0‑kb5043080‑x64.msu) is missing or not installed — if so, installing that first (via DISM) usually fixes the dependency and lets KB5070773 commit.
• If DISM reports “not applicable” or a dependency/servicing‑stack error, the logs will show the specific missing SSU or write/commit error and I’ll give the exact remedial command (install SSU, or DISM with a local source, or the in‑place repair if required).

If you prefer to try one immediate action yourself before attaching logs

• If you have the prerequisite MSU (KB5043080) downloaded to C:\Downloads, try:
  DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5043080-x64*.msu"
  and then re-run:
  DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5070773-x64*.msu"
• If you don’t have KB5043080, don’t install anything yet — attach the three .txt files and I’ll tell you exactly which package to download and the single command to run.

I’ll parse the small files as soon as you attach them and return a single, exact next command.

 

[Distorted Vision]

Option A

 

[ChatGPT]

Thanks — I see DISM failed with 0x800f0991 when it tried to expand/commit the KB5070773 MSU. That matches the pattern where the LCU needs a prerequisite SSU/MSU (or the servicing stack) and the package fails to commit.
Two quick things I need before I give the single next command:

• I couldn’t open the RAR you uploaded reliably — please re-upload three tiny plain-text files (instructions below) or paste their contents. Those files are small and will let me read the exact failure lines and tell you the one correct next action.

What to produce (run these in an elevated PowerShell / Administrator CMD — each creates a small .txt on your Desktop)
1) Packages check (confirms whether KB5043080 or KB5070773 are already recorded)
dism /Online /Get-Packages | findstr /I "KB5070773 KB5043080" > "%USERPROFILE%\Desktop\Packages_check.txt"
2) CBS error lines for the install code (tiny file)
Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '0x800f0991' -CaseSensitive:$false | Out-File "$env:USERPROFILE\Desktop\CBS_0x800f0991.txt"
3) Tail of the DISM log (last 300 lines — gives commit context)
Get-Content "$env:windir\Logs\DISM\dism.log" -Tail 300 | Out-File "$env:USERPROFILE\Desktop\dism_tail.txt"
Attach the three files (Packages_check.txt, CBS_0x800f0991.txt, dism_tail.txt) and I’ll parse them immediately and give the single next fix.
Immediate alternative (if you want to try a fix now)

• Many systems that hit 0x800f0991 on KB5070773 succeed after installing the prerequisite MSU (example: windows11.0-kb5043080-x64.msu) first, then the KB5070773 MSU via DISM. If you already have windows11.0-kb5043080-x64*.msu downloaded to C:\Downloads you can try (elevated):
  DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5043080-x64_*.msu"
  DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu"
  Then reboot and verify: dism /Online /Get-Packages | findstr /I "KB5070773"
• Pause Kaspersky real‑time protection before trying these installs; re-enable it afterwards.

Which do you want now?
A) Re‑upload the three small .txt files I asked for and I’ll parse them immediately (recommended), or
B) Try the two DISM /Add‑Package commands above now (if you already have KB5043080 downloaded) and report back the DISM output — I’ll interpret it.
I’ll stand by and parse those files the moment you attach them.

 

[Distorted Vision]

CBS_0x800f0991.txt
Packages_check,txt

both empty files.

 

[ChatGPT]

Thanks — that’s useful. Empty Packages_check.txt and empty CBS_0x800f0991.txt mean DISM /Get‑Packages didn’t find KB5070773 or KB5043080 on the machine, and CBS didn’t contain any explicit 0x800f0991 lines (so the commit failure didn’t leave that exact code in CBS where we looked). That matches the DISM run you pasted which failed with 0x800f0991 while expanding the MSU.
Two short, next actions so I can give the single correct fix
1) Give me the exact DISM error context (I’ll parse and tell you the one next command)

• Run this in an elevated PowerShell — it extracts the DISM error area (small file) and the package list check again:
  Select-String -Path "$env:windir\Logs\DISM\dism.log" -Pattern '0x800f0991','Error','HRESULT','Failed' -CaseSensitive:$false -Context 3,8 | Out-File "$env:USERPROFILE\Desktop\dism_err_excerpt.txt"
  dism /Online /Get-Packages > "%USERPROFILE%\Desktop\Packages_full.txt"
• Attach the two files dism_err_excerpt.txt and Packages_full.txt (they’ll be small). I will parse them and give the exact one-line remediation (likely “install prerequisite MSU first” with the precise MSU name and command, or the precise DISM option to use).

Why this first: DISM already failed with 0x800f0991 when expanding the KB5070773 MSU — the DISM log contains the exact failure context (missing SSU, file write error, access denied, etc.. Parsing that excerpt returns a single deterministic next step.
—— Or, if you prefer to act now (one common fix)
2) Try the prerequisite-first DISM install (only if you already downloaded KB5043080)

• If you already have the prerequisite MSU (windows11.0‑kb5043080‑x64.msu) saved to C:\Downloads, run (elevated):
  DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5043080-x64_.msu"
  DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu"
  Restart-Computer
• Pause Kaspersky real‑time protection first (don’t uninstall). If you don’t have KB5043080 downloaded, don’t run this — attach the DISM excerpt and I’ll fetch the correct prerequisite and give the exact file name + one-line command. The MSU-prerequisite path is the recommended next step in cases like this.

If neither of those is convenient, the surefire fallback is an in‑place repair (keeps apps/files) — I can walk you through that if the logs point to a servicing‑stack mismatch.
Which do you want me to do now?
A) I’ll parse the DISM excerpt — I’ll wait while you run the two commands above and attach dism_err_excerpt.txt + Packages_full.txt (recommended), or
B) You want the “try now” commands to install KB5043080 then KB5070773 (only run if you already have KB5043080 downloaded), or
C) Skip to in‑place repair instructions.
If you choose A, paste/attach those two files and I’ll read them and give the single exact command to run next.

 

[Distorted Vision]

C:\Windows\System32>DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu"

Deployment Image Servicing and Management tool
Version: 10.0.26100.5582

Image Version: 10.0.26200.5670

Processing 1 of 1 - Expand

An error occurred - C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu Error: 0x80070228

Error: 552

The passed ACL did not contain the minimum required information.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

C:\Windows\System32>

 

[ChatGPT]

Thanks — that DISM error text is useful. 0x80070228 / Error 552 means an ACL/permission problem: “The passed ACL did not contain the minimum required information.” In short, DISM couldn’t access or write something it needed while expanding the MSU (so the package expansion/commit failed). This is different from a missing SSU/payload error — it’s a file/permission issue we can fix locally.
Do this next (safe, ordered — copy/paste exact commands from an elevated Administrator Command Prompt or PowerShell)
1) Pause Kaspersky (do this first)

• Open Kaspersky and pause real‑time protection (or temporarily disable the product). Don’t uninstall yet.

2) Check the MSU / folder ACLs (diagnose)

• View current ACL on the MSU:
  icacls "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu"
• If you see DENY entries or odd owners, continue to step 3.

3) Take ownership and grant Administrators full control (fix ACL)

• Take ownership of the file:
  takeown /F "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" /A
• Grant Administrators full control:
  icacls "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" /grant Administrators:F /C
• If you prefer to fix the entire Downloads folder (if other files are also protected):
  takeown /F "C:\Downloads" /R /D Y
  icacls "C:\Downloads" /grant Administrators:F /T /C

4) Retry the package install via DISM

• After adjusting ACLs, run:
  DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu"
• If that succeeds, then run the KB5070773 install the same way (or use DISM for KB5070773 too). The prerequisite-first path often solves sequencing issues as well.

5) If DISM still fails with an ACL or expand error — try these alternatives
A — Use a clean scratch/temp folder

• Create a scratch folder and point TEMP/TMP there before running DISM:
  mkdir C:\Scratch
  icacls C:\Scratch /grant Administrators:F /T /C
  set TEMP=C:\Scratch
  set TMP=C:\Scratch
  DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5043080-....msu"
  (Using a folder you created and granted rights to avoids problems when the default temp folder has restricted ACLs.

B — Extract the MSU and apply the CAB directly

• Expand the MSU to a folder, then add the .cab with DISM (this often bypasses expand ACL issues):
  mkdir C:\Downloads\KB5043080_extracted
  expand -F:* "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" C:\Downloads\KB5043080_extracted
• Find the .cab inside (e.g. *.cab) and run:
  DISM /Online /Add-Package /PackagePath:"C:\Downloads\KB5043080_extracted\<name>.cab"
• Then do the same for the KB5070773 .msu (extract → install .cab) if needed.

C — Run DISM with an explicit log excerpt so I can parse deeper

• If the commands still fail, produce a small error excerpt and attach it:
  Select-String -Path "$env:windir\Logs\DISM\dism.log" -Pattern 'Error','0x8007','0x800f','Failed' -Context 3,8 | Out-File "$env:USERPROFILE\Desktop\dism_err_excerpt.txt"
  dism /Online /Get-Packages > "%USERPROFILE%\Desktop\Packages_full.txt"
• Attach dism_err_excerpt.txt and Packages_full.txt and I’ll read the exact failure lines and give the single next action.

6) Quick checks / other causes to consider

• Make sure the MSU file is not blocked by Windows: right‑click the .msu → Properties → if “Unblock” is present, click it.
• Check Controlled Folder Access (Windows Security → Virus & threat protection → Ransomware protection) — temporarily turn Controlled folder access Off while you install.
• If you used a USB drive or network share for C:\Downloads, copy the MSU to local C: first and run from there.
• If you still see permission issues, check disk integrity: chkdsk C: /F (schedule and reboot if required).

7) If everything above fails

• The next reliable fix is an in‑place repair (Windows 11 Setup → “Upgrade this PC now” keeping files and apps). That repairs the servicing stack and usually resolves stubborn ACL/servicing errors. I’ll walk you through that if we reach it.

Recap — what to run now (recommended order)

1. Pause Kaspersky.
2. From elevated prompt run:
   icacls "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu"
   takeown /F "C:\Downloads\windows11.0-kb5043080-.msu" /A
   icacls "C:\Downloads\windows11.0-kb5043080-.msu" /grant Administrators:F /C
   DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5043080-*.msu"
3. If success, DISM /Add‑Package KB5070773 and reboot.
4. If failure, extract MSU and apply CAB (expand → DISM /Add‑Package on the .cab).
5. If still stuck, attach dism_err_excerpt.txt and Packages_full.txt and I’ll parse immediately and give the exact single next command.

Tell me which you’ll try:

• I’ll wait while you run the takeown/icacls + DISM commands and report the DISM output, OR
• If you prefer, run the expand→DISM CAB route now and paste the DISM output.

If you hit any error, paste the error text OR attach dism_err_excerpt.txt + Packages_full.txt and I’ll parse the precise failure line and tell you the one next step.

 

[Distorted Vision]

C:\Windows\System32>icacls "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu BUILTIN\AdministratorsI)(F) NT AUTHORITY\SYSTEMI)(F) BUILTIN\UsersI)(RX) NT AUTHORITY\Authenticated UsersI)(M) Successfully processed 1 files; Failed processing 0 files C:\Windows\System32>

 

[ChatGPT]

Good — your icacls output shows the MSU file already grants Administrators and SYSTEM Full control, so the ACL issue is less likely to be a simple file-owner problem. Next steps target the other common causes for 0x80070228 (ACL/minimum-ACL info) and the earlier 0x800f0991 commit failure: AV / Controlled‑Folder‑Access blocking, the file being “blocked” by Windows, TEMP/expand permissions, or a failing MSU expansion. Follow these steps in order (I’ll give exact copy/paste commands). I’ll wait for your results and will parse any logs you produce.
Important: run all commands in an elevated Administrator PowerShell / Command Prompt.
1) Pause Kaspersky + turn off Controlled Folder Access temporarily

• Pause all Kaspersky protection (real‑time, self‑defense) before proceeding. Don’t uninstall yet.
• Turn Controlled Folder Access off (Windows Security → Virus & threat protection → Ransomware protection → Controlled folder access → Off).
  Why: security products or Controlled Folder Access commonly block MSU expansion and cause ACL/permission errors. (We recommended pausing AV earlier when installing MSUs.

2) Confirm the file is not blocked by Windows (Unblock)
PowerShell (Admin):
PowerShell> Unblock-File -Path "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu"
Or check by right‑click → Properties → click Unblock if present.
3) Create a clean scratch folder and give Administrators full rights
(Use a folder we control so TEMP/TMP and expand operations aren’t blocked)
Admin CMD / PowerShell:
mkdir C:\Scratch
icacls C:\Scratch /grant Administrators:F /T /C
4) Copy the MSU to the scratch folder (avoid any odd metadata on Downloads)
Admin CMD:
copy "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" C:\Scratch\
5) Set TEMP/TMP to the scratch folder and retry DISM there
In the same elevated window (temporary for this shell only):
set TEMP=C:\Scratch
set TMP=C:\Scratch
DISM /Online /Add-Package /PackagePath:"C:\Scratch\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu"

• If that succeeds, then install KB5070773 the same way (copy its .msu into C:\Scratch and run DISM for it). Often using a scratch folder with explicit rights prevents expansion/ACL failures.

6) If DISM still fails — extract the MSU and install the .cab
This bypasses the MSU expand step which is where the ACL error commonly occurs.
Admin CMD:
mkdir C:\Scratch\KB5043080_extracted
expand -F:* "C:\Scratch\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" C:\Scratch\KB5043080_extracted
Find the .cab inside (example name: *.cab). Then:
DISM /Online /Add-Package /PackagePath:"C:\Scratch\KB5043080_extracted\<name>.cab"
Repeat for KB5070773 if needed (extract → find .cab → DISM add). Extracting first often avoids expand/ACL problems.
7) If extract fails or you still get errors — capture a small DISM error excerpt and the package list
If any command errors, run these and attach the two small text files (I’ll parse them and give the single next remediation):
Admin PowerShell (after reproducing the failing DISM):
Select-String -Path "$env:windir\Logs\DISM\dism.log" -Pattern 'Error','0x8007','0x800f','Failed' -Context 3,8 | Out-File "$env:USERPROFILE\Desktop\dism_err_excerpt.txt"
dism /Online /Get-Packages > "%USERPROFILE%\Desktop\Packages_full.txt"
Attach dism_err_excerpt.txt and Packages_full.txt and I’ll read the exact failure lines and tell you the one precise next command. (This is the same focused log-extraction approach we used earlier.
8) Other quick checks if you prefer to try them now

• Ensure the MSU is on local NTFS (not FAT, not network). Run: fsutil fsinfo volumeinfo C:\
• Run chkdsk if disk errors are possible: chkdsk C: /F (may schedule a reboot).
• If you still see permission/ACL errors but icacls shows Administrators and SYSTEM Full, check if there are any DENY ACEs on parent folders (icacls C:\Downloads and icacls C:\Scratch).
• As final fallback: perform an in‑place repair (Windows 11 Setup “Upgrade this PC now”) — this reliably repairs servicing stack issues if the manual MSU/CAB path fails. I’ll walk you through that if we get there.

What I want you to run now (recommended order)

1. Pause Kaspersky and turn off Controlled Folder Access.
2. Run Unblock‑File on the MSU.
3. Run the scratch-folder + TEMP approach (steps 3–5). If DISM succeeds, install KB5070773 and reboot.
4. If it fails, extract the MSU and DISM the CAB (step 6).
5. If still failing, run the DISM excerpt + Packages capture and attach the two files here.

If you want, I’ll wait while you run steps 1–5 and interpret the output live. Otherwise, run step 5 (the DISM commands) and attach dism_err_excerpt.txt and Packages_full.txt and I’ll parse them and give the one exact next action.
Reminder/citation: we previously saw the installers failing at expand/commit and recommended the prerequisite-first or DISM route — I’ll use the small DISM excerpt you produce to choose between “install prerequisite MSU first”, “use extracted CAB”, or “in-place repair” as the single next step.
Which do you want me to wait on and parse now: the DISM output from the scratch-folder attempt, or the dism_err_excerpt + Packages_full.txt if you hit the error again?

 

[Distorted Vision]

C:\Windows\System32>DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5043080-x64_*.msu" Deployment Image Servicing and Management tool Version: 10.0.26100.5582 Image Version: 10.0.26200.5670 Processing 1 of 1 - An error occurred - C:\Downloads\windows11.0-kb5043080-x64_*.msu Error: 0x8007007b Error: 123 The filename, directory name, or volume label syntax is incorrect. The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log C:\Windows\System32>DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" Deployment Image Servicing and Management tool Version: 10.0.26100.5582 Image Version: 10.0.26200.5670 Processing 1 of 1 - Expand An error occurred - C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu Error: 0x80070228 Error: 552 The passed ACL did not contain the minimum required information. The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log C:\Windows\System32>icacls "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu BUILTIN\AdministratorsI)(F) NT AUTHORITY\SYSTEMI)(F) BUILTIN\UsersI)(RX) NT AUTHORITY\Authenticated UsersI)(M) Successfully processed 1 files; Failed processing 0 files C:\Windows\System32>takeown /F "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" /A SUCCESS: The file (or folder): "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" now owned by the administrators group. C:\Windows\System32>icacls "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" /grant Administrators:F /C processed file: C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu Successfully processed 1 files; Failed processing 0 files C:\Windows\System32>takeown /F "C:\Downloads" /R /D Y SUCCESS: The file (or folder): "C:\Downloads" now owned by user "PATRE-DESKTOP\Rupesh Patre". SUCCESS: The file (or folder): "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" now owned by user "PATRE-DESKTOP\Rupesh Patre". SUCCESS: The file (or folder): "C:\Downloads\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu" now owned by user "PATRE-DESKTOP\Rupesh Patre". C:\Windows\System32>icacls "C:\Downloads" /grant Administrators:F /T /C processed file: C:\Downloads processed file: C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu processed file: C:\Downloads\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu Successfully processed 3 files; Failed processing 0 files C:\Windows\System32>DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" Deployment Image Servicing and Management tool Version: 10.0.26100.5582 Image Version: 10.0.26200.5670 Processing 1 of 1 - Expand An error occurred - C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu Error: 0x80070228 Error: 552 The passed ACL did not contain the minimum required information. The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log C:\Windows\System32>

 

[ChatGPT]

Thanks — useful results. Because you already owned/granted the files but DISM still fails with 0x80070228, the installer expansion is being blocked during the MSU expand step. The next reliable actions are to (A) run the install from a clean scratch folder with TEMP/TMP pointed there, and if that still fails (B) extract the MSU and install the contained CAB(s) directly. Follow these exact steps (run in an elevated Administrator PowerShell or CMD). I’ll wait while you try them and interpret any error output.
Step A — Pause security & prepare a clean scratch area
1) Pause Kaspersky real‑time protection (and any self‑defense).
2) Turn Controlled Folder Access off (Windows Security → Virus & threat protection → Ransomware protection → Controlled folder access → Off).
3) Create and set a clean scratch folder:
mkdir C:\Scratch
icacls C:\Scratch /grant Administrators:F /T /C
Step B — copy MSU to scratch, set TEMP/TMP, try DISM there
(copy to avoid any metadata / downloads ACL issues)
copy "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" C:\Scratch\
copy "C:\Downloads\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu" C:\Scratch\
Temporarily for this shell only:
set TEMP=C:\Scratch
set TMP=C:\Scratch
Then run (one at a time):
DISM /Online /Add-Package /PackagePath:"C:\Scratch\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu"
If that succeeds, repeat for KB5070773 (copy it into C:\Scratch and run DISM for it). If DISM succeeds, Restart-Computer and verify: dism /Online /Get-Packages | findstr /I "KB5070773"
Step C — If DISM still fails with expansion / ACL errors, extract the MSU and install the CAB directly
1) Make extraction folder:
mkdir C:\Scratch\KB5043080_extracted
2) Expand the MSU to that folder:
expand -F:* "C:\Scratch\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" C:\Scratch\KB5043080_extracted
3) Locate the .cab inside (e.g., *.cab). Then install the CAB with DISM:
DISM /Online /Add-Package /PackagePath:"C:\Scratch\KB5043080_extracted\<the-file-name>.cab"
Repeat the extract→DISM on KB5070773 if necessary.
Step D — If an extract step fails or DISM still errors, capture two small diagnostic files for me to parse
Run these (Admin) and attach the two resulting .txt files:
Select-String -Path "$env:windir\Logs\DISM\dism.log" -Pattern 'Error','0x8007','0x800f','Failed' -Context 3,8 | Out-File "$env:USERPROFILE\Desktop\dism_err_excerpt.txt"
dism /Online /Get-Packages > "%USERPROFILE%\Desktop\Packages_full.txt"
Attach dism_err_excerpt.txt and Packages_full.txt and I’ll parse the exact failure lines and give the single corrective command. If you hit an error in any step, paste the error text exactly (or attach those two files) and I’ll tell you the next single action.
If you prefer, I’ll wait while you run Step B (scratch/TEMP DISM) and then parse the output. Which do you want me to wait for — Step B results, or results from Step C (extraction)?

 

[Distorted Vision]

PS C:\WINDOWS\system32> Unblock-File -Path "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu"
PS C:\WINDOWS\system32> mkdir C:\Scratch


Directory: C:\


Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 23/10/2025 20:24 Scratch


PS C:\WINDOWS\system32> icacls C:\Scratch /grant Administrators:F /T /C
processed file: C:\Scratch
Successfully processed 1 files; Failed processing 0 files
PS C:\WINDOWS\system32> copy "C:\Downloads\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu" C:\Scratch\
PS C:\WINDOWS\system32> set TEMP=C:\Scratch
PS C:\WINDOWS\system32> set TMP=C:\Scratch
PS C:\WINDOWS\system32> DISM /Online /Add-Package /PackagePath:"C:\Scratch\windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu"

Deployment Image Servicing and Management tool
Version: 10.0.26100.5582

Image Version: 10.0.26200.5670

Processing 1 of 1 - Expand

The operation completed successfully.
PS C:\WINDOWS\system32> DISM /Online /Add-Package /PackagePath:"C:\Scratch\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu"

Deployment Image Servicing and Management tool
Version: 10.0.26100.5582

Image Version: 10.0.26200.5670

Processing 1 of 1 - Expand
[==========================100.0%==========================]
[===========================73.0%========== ]
An error occurred - C:\Scratch\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu Error: 0x800f0991

Error: 0x800f0991

DISM failed. No operation was performed.
For more information, review the log file.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
PS C:\WINDOWS\system32>

 

[ChatGPT]

Excellent — good progress. Two important observations from your last run:

• DISM successfully installed KB5043080 from C:\Scratch. That was the prerequisite step we expected.
• KB5070773 still failed with 0x800f0991 when DISM tried to apply it. That typically means the LCU failed to commit — often because a prerequisite (SSU) needs to be committed by a reboot, or because the commit step encountered a servicing/handler error.

Recommended immediate actions (in this order)
1) Verify package status (quick check)
Run (elevated) and paste the output here:
dism /Online /Get-Packages | findstr /I "KB5043080 KB5070773"
This shows whether KB5043080 is recorded as Installed / Pending / etc., and whether KB5070773 is visible.
2) Reboot now (very likely required)
Because you just installed the prerequisite KB5043080, reboot so it can commit. Many servicing stacks need a reboot between SSU and LCU installs.
Restart-Computer
After reboot, repeat the package check from step 1 and tell me the result.
3) Try the KB5070773 install again (after reboot)
Prefer DISM (we used it successfully for KB5043080). From an elevated prompt (you can keep TEMP/TMP pointed to C:\Scratch as before, or run directly now that you’ve rebooted):
DISM /Online /Add-Package /PackagePath:"C:\Downloads\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu"
Or, if you prefer the GUI/wusa route:
wusa "C:\Downloads\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu" /quiet /norestart
then Restart-Computer.
4) If it still fails — collect small targeted logs and attach them
If KB5070773 still fails after a reboot, run these (elevated) to produce tiny files on your Desktop and attach them:
Select-String -Path "$env:windir\Logs\DISM\dism.log" -Pattern '0x800f0991','Error','HRESULT','Failed' -Context 3,8 | Out-File "$env:USERPROFILE\Desktop\dism_err_excerpt.txt"
dism /Online /Get-Packages > "%USERPROFILE%\Desktop\Packages_full.txt"
Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern 'KB5070773','0x800f0991','error' -Context 3,8 | Out-File "$env:USERPROFILE\Desktop\CBS_excerpt.txt"
Get-WindowsUpdateLog -LogPath "$env:USERPROFILE\Desktop\WindowsUpdate.log"
Those files will be small — I’ll parse them immediately and give the single next remedial step (most likely: run the CAB directly, install a missing SSU, or do an in‑place upgrade).
Short checklist / reminders

• Keep Kaspersky paused and Controlled Folder Access off while installing.
• You already used the Scratch folder approach which fixed the KB5043080 expand problem — good.
• Reboot after KB5043080 so it can commit before applying KB5070773; that alone often fixes 0x800f0991 in this scenario.

Do this now: run the package check command I gave in step 1, then reboot. After the reboot either try installing KB5070773 or paste the package-check output and I’ll tell you whether to install now or collect logs first. Which will you do?

 

[Distorted Vision]

Before we go ahead. I copied windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu from C:\Downloads to C:\Scratch using Windows Explorer instead of commmand line / PowerShell. Does this make any difference?

 

[ChatGPT]

Short answer: No — copying the .msu with Explorer normally makes no functional difference to the file contents. It’s the same bytes. The things to watch for are metadata/streams and permissions (which can affect expand/commit), but you already handled the important ones.
Why it usually doesn’t matter

• A copy operation (Explorer or copy/PowerShell) copies the file data. DISM expands/installs from the file bytes, so the copy method doesn’t change the installer payload.
• The only real differences that can matter are: NTFS alternate data streams (Zone.Identifier / “blocked” mark), permissions/ownership, or if the copy moved the file across filesystems that don’t preserve NTFS features (e.g., FAT, network share with different ACL behavior).

What to check now (fast, one‑line commands; run elevated PowerShell)
1) Verify the copy is identical (recommended)
Get-FileHash -Algorithm SHA256 "C:\Downloads\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu"
Get-FileHash -Algorithm SHA256 "C:\Scratch\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu"
If the two hashes match, the file contents are identical.
2) Check for Zone.Identifier / other alternate streams (may cause “blocked” behavior)
Get-Item -Path "C:\Scratch\windows11.0-kb5070773-.msu" -Stream
If you see a Zone.Identifier stream, it means the file retains the “Mark of the Web.” You already ran Unblock-File earlier on KB5043080; if you haven’t unblocked this copy, do:
Unblock-File -Path "C:\Scratch\windows11.0-kb5070773-*.msu"
3) Confirm ACLs/ownership on the copy (we saw Downloads fixed; check Scratch)
icacls "C:\Scratch\windows11.0-kb5070773-*.msu"
If Administrators and SYSTEM have (F) and your account or Administrators is owner, ACLs are fine.
4) If everything above looks good — proceed exactly as planned

• Reboot to commit KB5043080 (you installed it successfully).
  Restart-Computer
• After reboot, run the package check:
  dism /Online /Get-Packages | findstr /I "KB5043080 KB5070773"
• Then install KB5070773 from your Scratch folder using the same method that worked for KB5043080:
  DISM /Online /Add-Package /PackagePath:"C:\Scratch\windows11.0-kb5070773-....msu"
  (or wusa "C:\Scratch..." /quiet /norestart then reboot)

Why I suggested the Scratch approach earlier

• Using a fresh folder you create and grant full rights to avoids inherited or Download-folder oddities (ACLs, controlled‑folder access, downloads manager metadata). Copying via Explorer to C:\Scratch accomplishes the same goal.

If you want me to double‑check anything now

• Run the Get-FileHash on the C:\Scratch copy and paste the output (or the two hashes if you still have the Downloads copy) — I’ll confirm they match the catalog hash you checked earlier.
• Or proceed with the reboot + install steps and tell me the DISM output; if it fails again I’ll parse the small dism_err_excerpt.txt / Packages_full.txt as described.

Shall I wait while you reboot and try KB5070773, or do you want to run the hash/stream checks first?

 

[Distorted Vision]

Rebooted and trying KB5070773. Please wait and don't post any commands or suggestions.
This seems like a good time to break for dinner.

C:\Windows\System32>dism /Online /Get-Packages | findstr /I "KB5043080 KB5070773"

C:\Windows\System32>DISM /Online /Add-Package /PackagePath:"C:\Scratch\windows11.0-kb5070773-x64_b235da912270f84b761402e9511000a4f500b4ac.msu"

Deployment Image Servicing and Management tool
Version: 10.0.26100.5582

Image Version: 10.0.26200.5670

Processing 1 of 1 - Expand
[==========================100.0%==========================]
[===== 10.0% ]