Microsoft confirms April Windows updates disrupt backup applications, specifically impacting third-party software leveraging the `psmounterex.sys` driver. This critical issue, first reported around April 29, 2026, by users and Microsoft MVP Susan Bradley, leads to failures in Volume Shadow Copy Service (VSS) snapshots, resulting in VSS service timeouts and subsequent backup failures across a range of Windows devices.
Who is affected by backup failures?
Users running Windows 10, Windows 11 (versions 24H2 and 25H2), and Windows Server devices that have installed the April 2026 security updates are experiencing these disruptions. The problem extends to numerous third-party backup applications, including prominent names like Macrium Reflect (versions 8.1.7544 and earlier), Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup. The widespread nature of this issue underscores the importance of understanding its technical underpinnings for anyone managing critical data.
Why are April Windows updates causing these issues?
The core of the problem lies within the April 2026 Windows security updates, notably KB5083769 for Windows 11. These updates introduce a significant security hardening change, specifically adding the `psmounterex.sys` kernel driver to Microsoft’s vulnerable driver blocklist. This driver is blocked due to a high-severity buffer overflow vulnerability (CVE-2023-43896), which could potentially allow attackers to escalate privileges or execute arbitrary code on affected systems. Microsoft’s intentional decision to block this driver is a security measure to protect devices from this known exploit, even if it causes user-visible failures.
“Microsoft is prioritizing security by accepting user-visible failures to prevent vulnerable drivers from loading, a testament to their commitment to system integrity.”
When Windows Code Integrity enforcement blocks the vulnerable driver, users may encounter several symptoms. These include backup applications failing to mount backup image files as virtual drives, errors or timeouts when attempting to browse or restore from a backup image, and specific error messages such as “The backup has failed because Microsoft VSS has timed out during the snapshot creation” or “VSS_E_BAD_STATE”. Event Viewer logs may also show Code Integrity errors (Event ID 3077) indicating that `psmounterex.sys` was blocked from loading. While full image backups might still succeed, image-mount operations will fail, severely limiting recovery capabilities. This issue began after the installation of Windows updates released on or after April 14, 2026, with reports of broken backups surfacing around April 29, 2026.
Resolution and further steps
Microsoft strongly advises against uninstalling or pausing the April security updates, emphasizing the critical security benefits they provide. Instead, the recommended course of action for affected users is to update their backup applications to newer versions. These updated applications are expected to utilize revised drivers and incorporate the necessary protections to bypass the `psmounterex.sys` block. The `psmounterex.sys` driver will remain on Microsoft’s vulnerable driver blocklist indefinitely. While a temporary registry workaround exists to disable the vulnerable driver blocklist enforcement, it inherently weakens Windows security and should only be considered as a very short-term solution by advanced users aware of the associated risks. Staying informed on related Tech news is crucial for managing these evolving security challenges.
In conclusion, the recent Microsoft confirms April Windows updates disrupt backup applications scenario highlights a critical balance between robust security and operational functionality. While the immediate impact on backup processes is significant, Microsoft’s stance underscores the paramount importance of system security against known vulnerabilities. Users are urged to prioritize updating their backup software to maintain both data integrity and system protection.




