Windows 11 KB5083769 Update Blocking Macrium Reflect and Backup Apps

Posted on by Martin Brinkmann

Imagine trying to secure your PC’s most important files, only to discover that your trusted backup software has been actively locked out by the operating system itself. That is exactly what is happening to Windows 11 users this week, as Microsoft has officially confirmed in a recently updated support document that its latest patches (KB5083769 and KB5083631) are intentionally blocking popular third-party backup applications like Macrium Reflect.

The Redmond giant explained that this disruptive change is the result of a strict new security hardening measure, which actively adds the psmounterex.sys kernel driver to the Microsoft Vulnerable Driver Blocklist to protect systems from known exploits—leaving affected users dealing with timeout errors and broken disk image mounting.

Microsoft confirms the change and that third-party backup software may be affected on a new support page. However, the company has not added any information about potential issues to the official KB release notes, making it difficult for affected users and also system administrators to investigate the issue.

According to the company, users and IT administrators may observe the following behavior after installing April 2026 or later updates for Windows 11:

What new behavior should I expect?
Users and IT administrators might observe the following behavior after installing the update:

Backup applications that rely on the kernel driver psmounterex.sys might fail to mount backup image files as virtual drives.

Attempting to browse or restore from a backup image might result in errors or timeouts.

Failures might be followed by error messages, such as “The backup has failed because Microsoft VSS has timed out during the snapshot creation” or VSS_E_BAD_STATE.

Event Viewer might show Code Integrity errors indicating that psmounterex.sys was blocked from loading.

Backup creation (full image backups) may still succeed, but image-mount operations will fail.

Microsoft claims that the change is “designed to protect devices against known vulnerabilities in the psmounterex.sys kernel driver. That is exactly the driver that some backup apps, including Macrium Reflect, use for managing and mounting disk images.

The vulnerability that Microsoft mentions was discovered in certain versions of the driver in late 2023 already. If exploited, bad actors can use this flaw to escalate their privileges and execute arbitrary malicious code at the kernel level, completely compromising the system.

The result for users who run backup apps that rely on the driver: When a user tries to mount a backup image, the backup app attempts to load the psmounterex.sys driver. Windows Code Integrity enforcement steps in and actively blocks the driver from loading because it’s on the blacklist. Without the driver, the backup app cannot complete its task, leading to Volume Shadow Copy Service (VSS) timeouts and mounting errors.

In short, Microsoft is deliberately breaking the functionality of these apps to stop a known security loophole from being exploited at the kernel level.

You can now ask Gemini to create Microsoft Office documents directly

Posted on by Martin Brinkmann

Google added a useful new feature to its Gemini AI recently: the ability to create Microsoft Office documents directly using prompts.

While Gemini could create tables and such already, you had to copy the information manually up until now into a Microsoft Office file, if Microsoft Office is your Office suite of choice.

This changes with the most recent update. Now, you can ask Gemini to create Microsoft Office documents directly and the process could not be simpler.

Just add “export the table to Excel format” or “export the text to Word format” to your prompt to do so. Gemini will then show an attachment at the top that is in the right format and contains the information that you requested.

For instance, I used the following prompt to get Gemini to compare the classic Steam Controller to the new gamepad that Valve plans to release in a few days:

Compare the old and new Steam Controller. Create a table. Export that table to Excel format

Gemini displayed the Excel spreadsheet at the top and below that it listed the information that I requested.

All you need to do is click on the attached file to display it right away. This opens options to print it or save it to the local system.

Interestingly enough, the information that Gemini presents to you directly may be different from the information that you requested to be put into the Office document. I guess you can use the instructions to make them identical though, which would be useful to make sure that the Office document has the right information.

Firefox

Firefox 150.0.1 is out with a Facebook fix and security patches

Posted on by Martin Brinkmann

Mozilla released point updates for its open source Firefox web browser yesterday evening. The updates are available for all three supported stable versions of the browser:

  • Firefox 150.0.1
  • Firefox 140.10.1 ESR
  • Firefox 115.35.1 ESR

However, only the main stable release, Firefox 150.0.1 is getting bug fixes and security patches. The two extended support release versions do get the security fixes only.

Here are the fixed security issues:

  • CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component
  • CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1
  • CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1
  • CVE-2026-7324: Memory safety bugs fixed in Firefox 150.0.1

The changes in Firefox 150.0.1

Mozilla lists five non-security fixes and a change in the official release notes:

  • Fixed issues accessing Facebook and other unnamed websites on systems with Bitdefender security software installed.
  • Fixed an issue where a geolocation permission prompt would be shown again on a second attempt.
  • Fixed an issue that prevented tabs to be added to older saved tab groups.
  • Fixed a drop-down menu display issue that had them show all list items at once.
  • Fixed a zooming issue on macOS and Windows that caused some borders and outlines on some page elements to disappear.

The change affects Firefox indirectly only. Mozilla increased the email masks limit of its Relay service to 50 for free users. The previous limit was five.

The new versions are available already. Most non-managed systems should get the updates automatically, but you can speed up the installation by selecting Menu > Help > About Firefox.

About Brave Browser’s Shred Button on Android

Posted on by Martin Brinkmann

Back in late 2024, Brave introduced a Shred button for its mobile browser on iOS. Now, that same function is finally coming to Android as part of the Brave 1.89 release.

What does Shred do? Shred is a privacy feature that deletes site data that could be used to identify users across visits.

The main idea is to visit a site and, before you leave, hit the shred button to remove potentially identifiable information. It is designed to remove stored data from a single website.

Brave describes it in a new post on its website:

Shred lets you instantly erase any data a site stores on your device. Shred on Android offers the same easy and site-specific data erasure as Shred on iOS. This means you can instantly wipe one website’s stored data without being forcibly logged out of all websites, eliminating the need for complex site-by-site exceptions. This sets Shred apart from similar features in other privacy-focused browsers.

But the manual option is not the only one available. You can also set up shred to automatically delete data on specific websites. Have a site that you visit frequently but want to know as little as possible about you and your activity? The Auto Shred may be the option for you then.

Brave highlights that Shred has other applications, other than protecting against tracking. For instance, it may help with visits to sites that limit access to content artificially for a period, like three free articles per week or month.

Here is how you use the new Shred feature:

  • Open the main menu of the browser and pick Shred site data.
  • Open the tab switcher and tap on the Shred icon.
  • Open the Shields icon and select the Shred option.

To configure auto-shredding, do the following:

  1. Open the Shields icon on the site that you want to configure Auto Shred for.
  2. Select Advanced Controls > Shred site’s data.
  3. Tap on Auto Shred and set it to “site tab closed” or “app close”.

Brave will then shred the site automatically when you close it or when you close the browser.

Last but not least, you can also configure the behavior for all sites.

  1. Open the Settings.
  2. Go to Brave Shields & privacy.
  3. Tap on Auto Shred.

There you get the same two options (tab close or app close).

Amazon ends sideloading on new Fire TV sticks

Posted on by Martin Brinkmann

Amazon Fire TV sticks are one option for users who want to use a streaming device instead of the “smart” capabilities of the television itself. Up until now, Amazon supported installing apps from its official store and also as APK files from the Internet, since it was based on Android.

This meant that you could install a third-party YouTube client or any other app on the device and use it as if you’d be using it on a mobile or tablet.

This changed recently with the release of the newest Fire TV Stick HD and Fire TV 4K Select, which do not support sideloading anymore.

Amazon confirms this on the product page. When you ask the AI whether the new Fire TV stick supports sideloading, it repllies:

For enhanced security, Fire TV Stick HD prevents sideloading or installing apps from unknown sources. Only apps from the Amazon Appstore are available for download.

Means, if an app is not listed on the Amazon Appstore, then you can’t install it. Amazon claims that the change is all about security. This may sound logical on first glance: sideloaded apps are not vetted and they may introduce malware or other unwanted behavior.

However, this is also removing choice from customers. Even if you know what you are doing, you can’t install apps anymore that are not offered at the official Amazon Store. This removes choice and makes the coming Fire TV sticks a bad deal for anyone who’d even consider sideloading apps.

Amazon Fire TV alternatives

If sideloading third-party apps, custom launchers, or ad-free YouTube clients is a dealbreaker for you, you need to migrate to a device running Google TV or Android TV. These operating systems are still open, allow you to enable “Developer Options,” and let you install whatever you want.

Here are options that still work:

  • Google TV Streamer 4K
  • NVIDIA Shield TV Pro
  • Xiaomi Mi TV Stick 4K or MECOOL

Other popular brands, including Apple or Roku, do not support sideloading.

Firefox

How to enable Firefox’s secret ad-blocker

Posted on by Martin Brinkmann

For years, I asked myself why Mozilla did not add a good content blocker to Firefox. It would be a great fit. An organization that values privacy, an open source browser that blocks most tracking out of the box.

However, for Mozilla, integrating a content blocker would also mean torpedoing its main revenue stream coming from Google.

Mozilla never made the step and others, including Brave, led by Mozilla’s ex-CEO, stepped in to fill that gap.

This changed recently

Mozilla did integrate Brave’s Rust-based adblock engine into its Firefox browser. More precisely, it is part of Firefox 149 and Mozilla describes it as a prototype rich content blocking feature.

It is not yet available as an option in the user-facing interface, let alone as something similar to the Shield feature of Brave. Still, users who run Firefox 149 can enable the content blocker and make use of it right away for testing.

Here is how that works:

  1. Load about:config in the Firefox address bar.
  2. Search for privacy.trackingprotection.content.protection.enabled
  3. Set the value to True with a click on the toggle on its right.
  4. Search for privacy.trackingprotection.content.protection.test_list_urls.
  5. Paste https://easylist.to/easylist/easylist.txt|https://easylist.to/easylist/easyprivacy.txt as the value.
  6. Restart Firefox

This enables two EasyLists, but you can add any other list that uses the same format. Separate lists with the character |.

Clearly, this is done for testing purposes. Mozilla would very likely add controls to the preferences or another user facing interface to make this easier to configure and use.

For now, it is a work in progress implementation, but one that shows that Mozilla could finally integrate what many users of its browser have wanted (or did not know they wanted) for a long time.

Mozilla fixed 271 vulnerabilities in Firefox 150 thanks to AI

Posted on by Martin Brinkmann

When Mozilla released Firefox 150 earlier this week, it revealed that it had fixed what looked like the usual number of security issues in the browser. However, what Mozilla did not tell at the time was that it had fixed a significant number of vulnerabilities.

A post on the official Mozilla blog reveals that engineers fixed 271 vulnerabilities in total, a significant number. However, this time, Mozilla’s engineers did not hunt for vulnerabilities using traditional means. Instead, the company used Anthropic’s Mythos AI to do so.

Mozilla writes:

As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of Claude Mythos Preview to Firefox. This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation.

So, what is Claude Mythos?

Claude Mythos is a powerful, unreleased frontier AI model developed by Anthropic. Announced in April 2026, it is famous—and highly controversial—for its unprecedented capabilities in cybersecurity, specifically its ability to autonomously hunt down and exploit software vulnerabilities.

This is not the first time that Mozilla used an AI from Anthropic for that purpose. Back in February 2026, it used Claude and discovered 22 “security-sensitive bugs”.

Mozilla says that this is great news for software developers and what it calls defenders, legitimate developers who need to secure their applications against a constant barrage of threats.

While the use of AI continues to be controversial, it is usually ethical and privacy concerns that are raised. Good uses for AI, like using it to discover vulnerabilities before the bad guys find them, is probably something that most might not find nearly as problematic.

I would not go as far and say that the days of the 0-day threats are numbered, as Mozilla does, but it looks as if it can help. Still, threat actors could also leverage AI tools for finding vulnerabilities.

Brave Origin is a stripped-down version of the browser that you need to buy

Posted on by Martin Brinkmann

When it comes to browsers, most Internet users expect them to be free. Many times, this means that the developer has found other means of generating revenue to keep the business running. This can mean selling default search engine slots, putting sponsored icons on the new tab page, or using user data for all kinds of things.

Paid browsers are rare and most of the time, they do not seem to work overly well. However, the idea of introducing a free and paid version of a browser is something that Internet users know from other apps and services.

So, Brave Software, maker of the Brave Browser, has introduced Brave Origin. This is a “minimalist version” of the browser that cuts all revenue-generating features and can be purchased by making a one-time payment. There is one exception to that: a Linux version of Brave Origin is available for free.

The features that Brave Origin does not support:

  • Leo
  • News
  • Playlist (currently iOS only)
  • Rewards (which also disables browser-based Brave Ads)
  • Speedreader
  • Stats like the daily usage ping, crash logs, and privacy-preserving product analytics (P3A)
  • Talk
  • Tor
  • VPN
  • Wallet (which also disables Web3 domains)
  • Wayback Machine
  • Web Discovery Project

Some of these were discussed controversially in the past, but others including Tor or the Wayback Machine, not so much.

Note: Brave Origin is available as a standalone deskop app or an upgrade. On mobile, the browser is only available as an upgrade. In other words, you can replace Brave with Brave Origin on all supported systems, but install it next to Brave only on desktop systems.

Once you have downloaded and installed the Brave Origin browser, you need to purchase it, unless you opted-in to use the free version on Linux. The price at the time of writing is $60.

Brave says that this is a one-time purchase that is good for up to 10 activations per license across devices.

Closing Words

Launching a paid version is an interesting approach to diversifying revenue. Users can support development of the browser by making this purchase and may also get some of the features removed from it that they do not use or find problematic. At its core, it is still Brave browser, built on Chromium, with a good integrated content blocker.

It probably won’t convince most critics of the browser, or its founder, but it is still an interesting experiment to look at, as it could be an option for other organizations as well.

Copilot key laptops

Microsoft confirms yet another BitLocker Recovery Screen issue in Windows 11

Posted on by Martin Brinkmann

Another one? That could be the reaction of veteran Windows users who read the headline. Microsoft confirmed another BitLocker related issue in Windows 11. This one may be caused by installing the most recent cumulative update for the operating system.

In the Known issues section of the update, Microsoft confirms that devices might boot into the BitLocker Recovery screen and not the desktop.

According to the description, the issue is caused by an “unrecommended BitLocker Group Policy configuration”. Only a “limited number of systems” are affected according to Microsoft. The company says that the issue affects only systems for which all of the following conditions are true:

  • BitLocker is enabled on the OS drive.
  • The Group Policy “Configure TPM platform validation profile for native UEFI firmware configurations” is configured, and PCR7 is included in the validation profile (or the equivalent registry key is set manually).
  • System Information (msinfo32.exe) reports Secure Boot State PCR7 Binding as “Not Possible”.
  • The Windows UEFI CA 2023 certificate is present in the device’s Secure Boot Signature Database (DB), making the device eligible for the 2023‑signed Windows Boot Manager to be made the default.
  • The device is not already running the 2023-signed Windows Boot Manager.

Devices that meet the conditions may boot into recovery mode after installing the KB508376 for Windows 11, versions 24H2 or 25H2.

A workaround is available to remove the Group Policy configuration before installing the update.

  1. Open Group Policy Editor (gpedit.msc) or your Group Policy Management Console.
  2. Navigate to: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
  3. Set “Configure TPM platform validation profile for native UEFI firmware configurations” to “Not Configured“.
  4. Run the following command on affected devices to propagate the policy change: gpupdate /force
  5. Run the following command to suspend BitLocker (where BitLocker is enabled on the C: drive): manage-bde -protectors -disable C: 
  6. Run the following command to resume BitLocker (where BitLocker is enabled on the C: drive): manage-bde -protectors -enable C: 
  7. ​​​​​​​This updates the BitLocker bindings to use the Windows-selected default PCR profile.

Microsoft plans to release a permanent fix in the future to address this. Windows users who use a Microsoft Account can look up the recovery key for BitLocker online.

WhatsApp Plus launches: would you pay for these features?

Posted on by Martin Brinkmann

The writing was on the wall for some time. Meta-owned WhatsApp is rolling out a paid subscription service called WhatsApp Plus to a first batch of users of the messaging app.

For a price of 2.50 Euro per month (roughly 2.94 US Dollar), the price is not know for all regions), users get a range of extra features. WhatsApp reassures users that all core features remain free.

So, what do Plus users get? WABetaInfo has created a detailed post about the features that subscribers do get currently.

  • Send premium stickers – exclusive stickers that recipients also see, but can’t use.
  • Change your app’s theme – get 18 new colors options.
  • Choose a custom app icon – change the default icon of the app.
  • Pin extra chats – pin up to 20 chats.
  • Get premium ringtones – ten exclusive ringtones.
  • Upgrade your chat lists – enables options to update chats in bulk.

Interestingly enough, this does not change anything else. No removal of ads or improved usability features, which is often part of such a deal.

Related post: WhatsApp is rolling out long-overdue username privacy feature

The main question is, how many users of WhatsApp will find this selection of exclusive features worth the price? Will be interesting to see how this evolves over time. Maybe Meta is planning to take a cue from Google’s playback by moving some features into the paid plan or introducing an ad-free experience.