Microsoft has confirmed that it is included in a security update released in April 2026. psmounterex.sys driver in its vulnerable driver blocklist. This change causes some third-party backup programs to fail that rely on the driver to mount images and create VSS snapshots. The block was introduced to fix CVE-2023-43896, a high-severity buffer overflow vulnerability that could allow privilege escalation or arbitrary code execution.
Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and Ninjaavan Backup, all running on Windows 11, Windows 10, and Windows Server.
What fails and what doesn’t
Creating a full image backup on the affected system may still be successful. Failures typically occur during image-mount operations, meaning that browsing backups or restoring from them will not work. Users may see the error message “Backup failed because Microsoft VSS timed out during snapshot creation” or the error code VSS_E_BAD_STATE.
Event Viewer will display code integrity errors indicating that psmounterex.sys was blocked from loading. The relevant event code to look for is Event ID 3077 with Policy ID {D2BDA982-CCF6-4344-AC5B-0B44427B6816} in the Integrity Operational Log.
How to check if your system is affected
- Right-click the Start button and select Event Viewer.
- Navigate to Application and Service Logs > Microsoft > Windows > CodeIntegrity > Operational.
- look for Event ID 3077 In the middle panel.
If the event appears and mentions the psmounterex.sys driver in enforcement mode, your system is affected.
Microsoft’s recommended fix for backup failures caused by the April 2026 Update
Microsoft recommends updating to a newer version of affected backup applications that use drivers that are not listed in the blocklist. Uninstalling or pausing the April Update is not advised, as the block actively addresses the exploitable vulnerability. Backup software vendors are expected to release updated versions with compatible drivers.
The April 2026 update caused a number of issues, including problems beyond the backup driver block. Microsoft has confirmed that some Windows Server 2025 devices may boot into BitLocker recovery mode after installing KB5082063.
Additionally, out-of-band updates were released to fix Windows Server update failures and restart loops on domain controllers caused by the April security update.
