Microsoft Confirms April 2026 Update Triggers Backup Issues Linked to Kernel Driver Blocking

Microsoft has confirmed that April 2026 security updates introduce new protections that block vulnerable kernel drivers, and some backup tools are already impacted (via BleepingComputer). The change is part of Microsoft’s security hardening, which prevents known risky third-party drivers from loading. One affected component is psmounterex.sys, related to CVE-2023-43896, which raises compatibility concerns for backup workflows.

What changes after April 2026 update

After installing updates released on or after April 14, 2026, users may notice backup applications behaving differently. Tools relying on psmounterex.sys can fail when mounting disk image backups as virtual drives. In some cases, accessing or restoring backups may trigger errors or timeouts, affecting recovery operations that depend on virtual image mounting.

Even if full backup creation still succeeds, image mounting may fail during use. Some systems may show errors such as VSS timeout messages or VSS_E_BAD_STATE linked to snapshot creation issues. Event Viewer can also log Code Integrity warnings confirming that psmounterex.sys was blocked under Microsoft’s vulnerable driver blocklist enforcement. Here’s a quick look at the behavior users and IT admins might encounter:

• Backup applications that rely on the kernel driver psmounterex.sys might fail to mount backup image files as virtual drives.
• Attempting to browse or restore from a backup image might result in errors or timeouts.
• Failures might be followed by error messages, such as “The backup has failed because Microsoft VSS has timed out during the snapshot creation” or VSS_E_BAD_STATE.
• Event Viewer might show Code Integrity errors indicating that psmounterex.sys was blocked from loading.
• Backup creation (full image backups) may still succeed, but image-mount operations will fail.

What IT teams need to monitor

Microsoft says this is an intentional security change designed to reduce risk from outdated drivers. The psmounterex.sys driver will remain on the vulnerable driver blocklist, meaning affected applications will continue failing unless vendors release updated versions. Administrators are advised to validate compatibility and review driver status using Event ID 3077 logs.

Event ID 3077 can be found in Event Viewer under Code Integrity logs, where blocked drivers are listed for review. Microsoft support is available for enterprise guidance if disruption occurs.