microsoft has confirmed that the security update planned for April 2026 will include the psmounterex.sys driver on your vulnerable driver block list. This change causes some third-party backup programs that rely on the driver to mount images and create VSS snapshots to fail. The block was introduced to fix CVE-2023-43896, a high severity buffer overflow vulnerability that could allow privilege escalation or arbitrary code execution.
The affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup, all running on Windows 11, Windows 10, and Windows Server.
What fails and what doesn’t
Creating a full image backup may still succeed on affected systems. Failures occur specifically during image mounting operations, meaning searching for backups or restoring them will not work. Users may see the error message “The backup failed because Microsoft VSS timed out during snapshot creation” or the error code VSS_E_BAD_STATE.
Event Viewer will display code integrity errors indicating that psmounterex.sys was blocked from loading. The relevant event to look for is event ID 3077 with policy ID {D2BDA982-CCF6-4344-AC5B-0B44427B6816} in the code integrity operational log.
How to check if your system is affected
- Right-click the Start button and choose Event Viewer.
- Navigate to Applications and Services Registrations > Microsoft > Windows > CodeIntegrity > Operational.
- Look for Event ID 3077 in the center panel.
If the event appears and mentions the psmounterex.sys driver in compliance mode, your system is affected.
Microsoft Recommended Fix for Backup Failures Caused by April 2026 Update
Microsoft recommends updating to a newer version of the affected backup application that uses drivers that are not on the blocked list. It is not recommended to uninstall or pause the April update, as blocking addresses an actively exploitable vulnerability. Backup software vendors are expected to release updated versions with compatible drivers.
The April 2026 update raised several issues, including issues beyond the backup driver block. Microsoft has confirmed that some Windows Server 2025 devices can boot into BitLocker recovery mode after installing KB5082063.
Additionally, out-of-band updates were released to fix Windows Server update failures and reboot loops on domain controllers caused by April security updates.
