Skip to main content
TechnologyMay 5, 2026· 2 min read

Microsoft Confirms: Blocking Vulnerable Drivers Disrupts April Backups

The release of April 2026 security patches for Windows has introduced significant complications for users and administrators relying on third-party backup solutions. Microsoft has officially confirmed that installing the latest updates is causing systematic failures in backup operations, particularly for software using the kernel driver psmounterex.sys.

The problem manifests as an inability to mount image files as virtual drives, effectively rendering data browsing and recovery procedures inaccessible for previously saved data. The root of the malfunction is actually a deliberate security choice. Redmond has included the incriminated driver in the Vulnerable Driver Blocklist, a necessary hardening measure to mitigate the vulnerability CVE-2023-43896. This is a high-severity buffer overflow security defect that would allow malicious actors to gain privilege escalation or execute arbitrary code on the victim's system. The protection has created an immediate conflict with the Volume Shadow Copy Service (VSS) workflow.

Backup Issues on Windows After April Updates

The list of affected products is quite extensive and includes popular solutions in both consumer and enterprise environments. Confirmed names include Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup.

The abnormal behavior has been detected across a wide range of operating system versions, including Windows 11, Windows 10, and various editions of Windows Server.

From an operational standpoint, users may find themselves in an ambiguous situation: creating full backups may occasionally succeed, but the problem arises during the snapshot management phase. Typical error messages report a Microsoft VSS service timeout during snapshot creation or the error state VSS_E_BAD_STATE. Essentially, the integrity of Windows code prevents the vulnerable driver from loading, blocking the necessary communication between backup software and virtual hardware.

For IT admins diagnosing whether the failure is indeed due to Microsoft’s new policy, a specific trace is available in system logs. It is necessary to consult the Event Viewer by following the path Application and Services Logs > Microsoft > Windows > CodeIntegrity > Operational. The definitive proof of the block is the presence of Event ID 3077, accompanied by the Policy ID {D2BDA982-CCF6-4344-AC5B-0B44427B6816}. This event explicitly indicates that the driver psmounterex.sys has been rejected in enforcement mode.

Microsoft has taken a very firm stance on the matter, strongly advising against uninstalling or suspending the April security updates to restore backup functionality. The official recommendation is to upgrade backup software to the latest versions released by the respective vendors, which should incorporate correct drivers compliant with the new security directives.

In addition to the issues related to VSS, the distribution of the April patches has brought other criticalities, such as forced booting into BitLocker recovery mode for some Windows Server 2025 devices (KB5082063) and previous reboot loops on other server systems, resolved only through out-of-band (OOB) releases.

Leica Galerie Milano Will Host the Photography Exhibition A Street Diary with Images by Phil PenmanMOVA 1000: the LiDAR 3D lawn mower robot with zero perimeter wire now at only €711 on Amazon (-41% discount)