Microsoft confirms the April 2026 security updates have added the kernel driver psmounterex.sys to the Vulnerable Driver Blocklist, causing third‑party backup applications that use VSS snapshots to fail to mount or browse backup images. The hardening addresses CVE-2023-43896, and Microsoft urges customers to install updated application versions with newer drivers instead of uninstalling or pausing the update. #psmounterex.sys #VSS
Keypoints
- April 2026 updates add psmounterex.sys to Microsoft’s Vulnerable Driver Blocklist.
- Backup software using VSS snapshots (e.g., Macrium, Acronis, UrBackup, NinjaOne) may fail to mount or restore images on Windows 10, Windows 11, and Windows Server.
- Observed symptoms include VSS timeouts, VSS_E_BAD_STATE errors, and Event Viewer Code Integrity blocks such as Event ID 3077.
- Microsoft states the block mitigates CVE-2023-43896 and recommends installing updated application versions with newer drivers.
- Admins can verify blocks by checking the Code Integrity Operational log for Event ID 3077 with Policy ID {D2BDA982-CCF6-4344-AC5B-0B44427B6816}.