Microsoft confirms April Windows updates cause backup failures

Key Points:

• Microsoft confirmed that the April 2026 security updates cause failures in third-party backup applications using the psmounterex.sys driver, affecting software relying on VSS snapshots such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup on Windows 10, 11, and Server devices.
• The issue stems from a security hardening change that added psmounterex.sys to Microsoft's vulnerable driver blocklist to mitigate a high-severity buffer overflow vulnerability (CVE-2023-43896) that could allow privilege escalation or arbitrary code execution.
• Impacted backup applications may fail to mount backup images as virtual drives, resulting in errors, timeouts, or VSS service failures, although full image backup creation may still succeed; Event Viewer logs may show Code Integrity errors indicating the driver was blocked.
• Microsoft advises affected users to update their backup applications to versions using newer, compliant drivers and warns against uninstalling or pausing the security update to maintain system protection.
• Users can check if the driver is blocked by reviewing Event ID 3077 with Policy ID {D2BDA982-CCF6-4344-AC5B-0B44427B6816} in the Code Integrity Operational log via Event Viewer; this month, Microsoft also cautioned about BitLocker recovery mode issues on some Windows Server 2025 devices after installing update KB5082063.