Microsoft has confirmed that the security update scheduled for April 2026 will include the psmounterex.sys driver in its Vulnerable Driver Blocklist. This change causes some third-party backup programs that depend on the driver for mounting images and creating VSS snapshots to fail. The block was introduced to fix CVE-2023-43896, a high-severity buffer overflow vulnerability that could allow privilege escalation or arbitrary code execution.
Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup, all running on Windows 11, Windows 10, and Windows Server.
What Fails and What Does Not
Full image backup creation may still succeed on affected systems. The failures happen specifically during image-mount operations, which means browsing backups or restoring from them will not work. Users might see the error message "The backup has failed because Microsoft VSS has timed out during the snapshot creation" or the error code VSS_E_BAD_STATE.
Event Viewer will display Code Integrity errors indicating that psmounterex.sys was blocked from loading. The relevant event to look for is Event ID 3077 with Policy ID {D2BDA982-CCF6-4344-AC5B-0B44427B6816} in the Code Integrity Operational log.
How to Check If Your System Is Affected
- Right-click the Start button and choose Event Viewer.
- Navigate to Applications and Services Logs> Microsoft > Windows > CodeIntegrity > Operational.
- Look for Event ID 3077 in the center pane.
If the event appears and mentions the psmounterex.sys driver in enforcement mode, your system is affected.
Microsoft’s Recommended Fix for Backup Failures Caused by the April 2026 Update
Microsoft recommends updating to a newer version of the affected backup application that utilizes drivers not listed on the blocklist. Uninstalling or pausing the April update is not advised, as the block addresses an actively exploitable vulnerability. Backup software vendors are expected to release updated versions with compliant drivers.
The April 2026 update has led to several issues, including problems beyond the backup driver block. Microsoft has confirmed that some Windows Server 2025 devices may boot into BitLocker recovery mode after installing KB5082063.
In addition, out-of-band updates were released to fix Windows Server update failures and restart loops on domain controllers caused by the April security updates.
Thank you for being a Ghacks reader. The post April 2026 Windows Update Breaks Third-Party Backup Software by Blocking Vulnerable Driver appeared first on gHacks.
☞ El artículo completo original de Arthur Kay lo puedes ver aquí
No hay comentarios.:
Publicar un comentario