Search 10,000+ fixes & guides ⌘K Write a guide
News 3 min read

Microsoft confirms April Windows updates cause backup failures

Microsoft says April Windows updates block psmounterex.sys, causing backup image mount failures on Windows systems, and urges updating affected backup apps

Olivia Morelli ·
0 Comments
5 minutes Windows 11, Windows 10, Windows Server 2025

Microsoft confirms April Windows updates are blocking backup image mounts on affected systems

Microsoft says the April 2026 security updates are triggering failures in third-party backup applications that use psmounterex.sys.

Microsoft has confirmed that the April 2026 security updates are causing failures in third-party backup applications that rely on the psmounterex.sys driver. The issue affects software that uses VSS, or Volume Shadow Copy Service, snapshots, and it can stop backup image files from mounting as virtual drives.

The impact reaches users on Windows 11, Windows Server, and Windows 10 devices. Microsoft says backup creation may still complete, but image-mount operations can fail, which leaves browsing or restoring from a backup image blocked by errors or timeouts.

Microsoft’s support documents now say the updates introduced a security hardening change that adds psmounterex.sys to the company’s vulnerable driver blocklist. The company made that change to defend users against attacks targeting CVE-2023-43896, a high-severity buffer overflow vulnerability that can allow privilege escalation or arbitrary code execution.

The affected behavior is most visible in applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup. Event Viewer can also show Code Integrity errors, including Event ID 3077, when the driver is blocked from loading.

Microsoft said the update is not something it recommends uninstalling or pausing. Instead, it told affected customers to move to newer application versions that use updated drivers with the required protections and to validate those versions against the driver blocklist.

The pattern matches what backup software does when it mounts an image for access. VSS snapshots create a consistent point-in-time view of the system, and that snapshot is then exposed through driver-assisted mounting so files can be browsed or restored. When the driver that handles that mounting is blocked, the backup set can still exist while the access path fails.

That separation explains why the problem looks selective. A full image backup may succeed, yet the later restore or browse action can fail because the driver needed for the mount never loads. The failure then appears in the backup application, in the VSS path, or in Code Integrity logs depending on where the software reports the block.

Microsoft’s decision also reflects the broader purpose of the vulnerable driver blocklist. The blocklist is meant to stop known risky kernel drivers from loading after they have been tied to an exploitable weakness, even when those drivers still sit inside legitimate software stacks. In this case, the security control protects Windows by breaking a dependent backup workflow.

Earlier this month, Microsoft also warned that some Windows Server 2025 devices may boot into BitLocker recovery mode after installing KB5082063. Separately, the company released out-of-band updates to fix installation failures and restart loops on some Windows Server systems after the April 2026 security updates.

“In the April 2026 Windows security update, we added known vulnerable kernel driver psmounterex.sys to the Vulnerable Driver Blocklist. Backup applications that rely on this driver may experience failures when attempting to mount or manage disk images,” Microsoft told BleepingComputer.

“We do not recommend uninstalling or pausing this update. Customers with an impacted driver should install the latest application versions and validate against the driver blocklist to remain protected.”

To confirm the issue, Microsoft pointed users to Event Viewer and the CodeIntegrity log path where Event ID 3077 appears. The company’s guidance is aimed at admins who need to verify that the blocklist, not the backup data itself, is what prevented the mount operation from completing.

The current status is that Microsoft has acknowledged the failure, tied it to the April 2026 security changes, and advised updating the affected backup software rather than removing the Windows update.

Šaltinis: BleepingComputer

Did this fix work for you?
Olivia Morelli

Written by

Olivia Morelli
Windows Systems Expert
Windows error repair BSOD troubleshooting System file corruption Registry repair Windows Update failures

Olivia Morelli is a Windows systems expert specialising in diagnosing and repairing OS-level errors. She has spent nearly a decade writing guides that help everyday users recover from BSODs, corrupt system files, broken Windows installations, and failed update rollouts. Her methodical troubleshooting approach — starting with built-in tools before escalating to manual repairs — reflects years of practical experience supporting users across Windows 7, 8, 10 and 11. Olivia's guides are known for their clarity, completeness, and the care she takes to explain not just the fix but why the problem occurred.

434 guides published All articles →
0 Comments

Be the first to comment

Log in to post your comment
Log in to comment

Still worried? Run a free check.

Paste any URL or domain — we'll scan it against 4.2M known threats in 10 seconds.

View full scanner → Add to your website →