Imagine trying to secure your PC’s most important files, only to discover that your trusted backup software has been actively locked out by the operating system itself. That is exactly what is happening to Windows 11 users this week, as Microsoft has officially confirmed in a recently updated support document that its latest patches (KB5083769 and KB5083631) are intentionally blocking popular third-party backup applications like Macrium Reflect.
The Redmond giant explained that this disruptive change is the result of a strict new security hardening measure, which actively adds the psmounterex.sys kernel driver to the Microsoft Vulnerable Driver Blocklist to protect systems from known exploits—leaving affected users dealing with timeout errors and broken disk image mounting.
Microsoft confirms the change and that third-party backup software may be affected on a new support page. However, the company has not added any information about potential issues to the official KB release notes, making it difficult for affected users and also system administrators to investigate the issue.
According to the company, users and IT administrators may observe the following behavior after installing April 2026 or later updates for Windows 11:
What new behavior should I expect?
Users and IT administrators might observe the following behavior after installing the update:Backup applications that rely on the kernel driver psmounterex.sys might fail to mount backup image files as virtual drives.
Attempting to browse or restore from a backup image might result in errors or timeouts.
Failures might be followed by error messages, such as “The backup has failed because Microsoft VSS has timed out during the snapshot creation” or VSS_E_BAD_STATE.
Event Viewer might show Code Integrity errors indicating that psmounterex.sys was blocked from loading.
Backup creation (full image backups) may still succeed, but image-mount operations will fail.
Microsoft claims that the change is “designed to protect devices against known vulnerabilities in the psmounterex.sys kernel driver. That is exactly the driver that some backup apps, including Macrium Reflect, use for managing and mounting disk images.
The vulnerability that Microsoft mentions was discovered in certain versions of the driver in late 2023 already. If exploited, bad actors can use this flaw to escalate their privileges and execute arbitrary malicious code at the kernel level, completely compromising the system.
The result for users who run backup apps that rely on the driver: When a user tries to mount a backup image, the backup app attempts to load the psmounterex.sys driver. Windows Code Integrity enforcement steps in and actively blocks the driver from loading because it’s on the blacklist. Without the driver, the backup app cannot complete its task, leading to Volume Shadow Copy Service (VSS) timeouts and mounting errors.
In short, Microsoft is deliberately breaking the functionality of these apps to stop a known security loophole from being exploited at the kernel level.