Quote:Microsoft has confirmed that the security update scheduled for April 2026 will include the psmounterex.sys driver in its Vulnerable Driver Blocklist. This change causes some third-party backup programs that depend on the driver for mounting images and creating VSS snapshots to fail. The block was introduced to fix CVE-2023-43896, a high-severity buffer overflow vulnerability that could allow privilege escalation or arbitrary code execution.

Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup, all running on Windows 11, Windows 10, and Windows Server.

What Fails and What Does Not

Full image backup creation may still succeed on affected systems. The failures happen specifically during image-mount operations, which means browsing backups or restoring from them will not work. Users might see the error message "The backup has failed because Microsoft VSS has timed out during the snapshot creation" or the error code VSS_E_BAD_STATE.

Event Viewer will display Code Integrity errors indicating that psmounterex.sys was blocked from loading. The relevant event to look for is Event ID 3077 with Policy ID {D2BDA982-CCF6-4344-AC5B-0B44427B6816} in the Code Integrity Operational log.

Continue Reading...