Microsoft confirms: April 2026 security updates cause malfunctions in backup software
Microsoft has confirmed that the April 2026 security updates are causing malfunctions in third-party backup applications that use the psmounterex.sys driver. This issue, first reported by BleepingComputer, affects software that leverages Volume Shadow Copy Service (VSS) snapshots, causing failures due to a VSS service timeout.
Among the affected software are products like Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup, installed on Windows 11, Windows Server, and Windows 10 devices. Users report errors during snapshot creation or backup restoration, with error messages such as "Backup failed because Microsoft VSS timed out during snapshot creation" or VSSEBAD_STATE.
Security changes and vulnerabilities
Microsoft explained that the April updates include a security change that adds the psmounterex.sys driver to the list of blocked vulnerable drivers. This measure aims to protect users from attacks exploiting a high-severity buffer overflow vulnerability, identified as CVE-2023-43896, which allows attackers to elevate privileges or execute arbitrary code.
The Redmond giant advised affected users to update to the latest versions of backup applications, which include protected and compatible drivers with the new blocking policy. Microsoft has discouraged uninstalling or suspending the security update, emphasizing the importance of keeping protections active.
Anomalous behaviors and solutions
In affected systems, where the vulnerable driver is blocked by Windows' Code Integrity mechanism, IT administrators and users may encounter various anomalous behaviors. For example, backup applications that rely on the psmounterex.sys driver may fail to mount backup image files as virtual disks. Additionally, attempts to explore or restore from a backup image may result in errors or timeouts.
To verify if the psmounterex.sys driver is blocked from the list of vulnerable drivers, users can look for Event ID 3077 with Policy ID {D2BDA982-CCF6-4344-AC5B-0B44427B6816} in the Code Integrity operational log. This step can be performed via Event Viewer, navigating to the section 'Applications and Services Logs\Microsoft\Windows\CodeIntegrity\Operational'.
Other issues related to April updates
In addition to problems with backup applications, Microsoft recently reported that some Windows Server 2025 devices may enter BitLocker recovery mode after installing the KB5082063 update. To resolve this and other issues, Microsoft has released out-of-band (OOB) updates to fix malfunctions causing failures in updating installations and reboot loops in Windows Server systems.
Implications for backup management
For those managing backups, it is crucial to adopt robust security and recovery strategies. Microsoft has also announced an upcoming webinar titled "From phishing to fallout: why MSPs must rethink both security and recovery," which explores how attacks and system malfunctions can impact the recovery process and what organizations can do to improve resilience.
Final considerations
These recent developments underscore the importance of keeping backup software up to date and following Microsoft's guidelines to ensure compatibility with the latest security updates. Users and IT administrators are invited to closely monitor systems and implement the recommended solutions to mitigate risks associated with these vulnerabilities.
Context and Market Trends
The recent issues with Microsoft's April 2026 security updates highlight a concerning trend in the cybersecurity landscape. According to industry experts, attacks based on driver vulnerabilities are becoming increasingly sophisticated, with hackers combining multiple zero-days to bypass system protections. This scenario requires a proactive approach from organizations, which must not only update their software but also implement self-validation solutions to identify and close vulnerabilities in a timely manner.
Impact on Small and Medium Enterprises (MSP)
The problems related to the April 2026 updates have a significant impact on Small and Medium Enterprises (MSP) that manage backups for their clients. The need to ensure operational continuity and data protection is crucial. Microsoft has responded with out-of-band (OOB) updates to resolve BitLocker boot issues and reboot loops on Windows Server 2025, but MSPs must remain vigilant and adopt robust disaster recovery strategies.
Alternative Solutions and Best Practices
Some users have reported that alternative backup software, such as Image for Windows by Terabyte Unlimited, has not been affected by the issues related to psmounterex.sys. This suggests that diversifying backup solutions could be an effective strategy to mitigate risks. Additionally, it is essential to closely monitor system logs to promptly identify any driver blocks and take corrective measures.
Future Perspectives and Innovations
The future of backup management and cybersecurity points towards autonomous and AI-based solutions. Self-validation, which uses rich contexts to identify vulnerabilities and verify the effectiveness of protections, represents a significant step forward. Events like the Autonomous Validation Summit offer the opportunity to delve into these technologies and understand how they can be integrated into business processes.
The recent developments underscore the importance of a holistic approach to cybersecurity. Organizations must not only update their systems but also invest in innovative solutions and diversified backup strategies to ensure resilience and operational continuity.
Editorial Note and Disclaimer
The guides and content published on GoYou are the result of independent research and analysis activities, for informational, educational, and in-depth purposes.
GoYou does not constitute a journalistic publication or an editorial product pursuant to Law No. 62/2001 and does not perform real-time information activities.
The GoYou project does not provide professional, technical, legal, or financial advice and disclaims any liability for the improper use of the information published.
In the Crypto sector, every investment involves risks: readers are invited to always inform themselves independently before making any decision.