psmounterex.sys backup – Microsoft says April 2026 Windows security updates can block psmounterex.sys, causing failures in VSS-based backup apps to mount images.
One of the less visible effects of a security patch has surfaced: Microsoft says its April 2026 Windows updates can break certain third-party backup workflows that rely on the psmounterex.sys driver.
In a new clarification. Misryoum reports that the problem is tied to backup products using Windows Volume Shadow Copy Service (VSS) snapshots.. When VSS operations hit a timeout. backup software may fail during snapshot creation or struggle later when it tries to mount backup images as virtual drives.
For IT teams, this is a reminder that “security update” and “backup reliability” are no longer separate concerns. Even when the patch is meant to reduce risk, compatibility issues can surface in day-to-day recovery processes.
Microsoft attributes the changes to a security hardening step that adds psmounterex.sys to its vulnerable driver blocklist.. The goal is to help protect systems against a high-severity buffer overflow vulnerability in the driver (CVE-2023-43896). which could allow attackers to escalate privileges or run arbitrary code.
The affected backup software reported by Misryoum includes applications that support image mounting and VSS-based snapshot workflows across Windows 10. Windows 11. and Windows Server.. That impact can show up as timeouts. restore or browse errors. or VSS-related failure states when a backup app attempts to manage images via the blocked kernel driver.
From a security operations standpoint, this matters because driver blocklisting is a protective move, but it can also change how backup tooling interacts with Windows at the kernel level.
On systems where Windows Code Integrity enforcement blocks the driver. Microsoft notes that mount operations are the most likely to fail. while some backup creation tasks may still proceed.. Users and administrators may also see Code Integrity errors indicating the driver was blocked from loading. along with VSS messages such as snapshot timing out or VSS_E_BAD_STATE.
Microsoft also advises against uninstalling or pausing the April update.. Instead. Misryoum notes that organizations should update affected backup applications to newer versions that use updated drivers compatible with the blocklist protections. and then validate that mounting and restore operations work as expected.
If you’re troubleshooting, Misryoum highlights that administrators can check the Windows Code Integrity Operational log for a specific Event ID 3077 entry in enforcement mode, which indicates the driver was blocked.
The bigger takeaway is operational: if your organization depends on image mounting and VSS snapshots for recovery testing, don’t treat patching as a purely defensive step. Validate backups after updates so security hardening does not accidentally undermine your ability to restore.