Microsoft Security Update Disrupts Third-Party Backup Applications
AI-generated from multiple sources. Verify before acting on this reporting.
Microsoft confirmed Monday that security updates released in April 2026 are causing backup failures in third-party applications utilizing the psmounterex.sys driver. The disruption stems from a security hardening change that blocks the driver across Windows 11, Windows Server, and Windows 10 devices globally.
The software giant added the psmounterex.sys driver to its Vulnerable Driver Blocklist as a defensive measure against attacks targeting a high-severity buffer overflow vulnerability identified as CVE-2023-43896. The blocklist mechanism, designed to prevent exploitation of known vulnerabilities, inadvertently impacts legitimate backup software relying on the driver for functionality.
Affected systems are experiencing interruptions in backup operations following the installation of the April 2026 cumulative updates. Microsoft stated that the driver was flagged due to its association with the buffer overflow flaw, which allows attackers to execute arbitrary code with elevated privileges. By blocking the driver, the company aims to mitigate the risk of exploitation across its user base.
Third-party vendors whose software depends on psmounterex.sys are facing operational challenges as their applications fail to execute backup tasks. The issue has prompted inquiries from enterprise customers and IT administrators seeking immediate resolutions to restore data protection workflows. Microsoft has acknowledged the impact and is working with affected vendors to develop compatible alternatives.
The vulnerability, originally disclosed in 2023, remained a target for potential exploitation until the driver was added to the blocklist. Security researchers have long warned about the risks posed by vulnerable drivers that lack proper memory handling. The decision to block psmounterex.sys reflects Microsoft's broader strategy to proactively neutralize threats before they can be weaponized.
Users are advised to check for updates from their backup software providers to ensure compatibility with the latest security measures. Microsoft recommends temporarily disabling the blocklist for specific drivers only if absolutely necessary and under strict security protocols. However, the company emphasizes that leaving the blocklist disabled exposes systems to potential compromise.
The situation highlights the ongoing tension between security hardening and software compatibility. While blocking vulnerable drivers protects against known exploits, it can disrupt essential business processes reliant on those drivers. Microsoft is expected to provide further guidance on mitigating the impact on third-party applications in the coming days.
As of Monday, no official timeline has been provided for a resolution that balances security and functionality. IT professionals are monitoring the situation closely, awaiting updates from both Microsoft and affected software vendors. The incident underscores the complexities of maintaining secure systems in an environment where third-party dependencies remain prevalent.