Microsoft confirms: April patch blocks vulnerable backup driver

Microsoft has confirmed last month's backup-software issue is a vulnerable-driver block, not a regression. The block stays — and the fix is a current build from the backup vendor. The driver is psmounterex.sys, used by Macrium Reflect, Acronis, NinjaOne, and UrBackup to mount image files as virtual drives. In October 2023, a researcher at Northwave Cybersecurity disclosed a buffer-overflow flaw — an out-of-bounds write in kernel mode that lets a regular user execute code with full kernel privileges. Macrium shipped a patched version the same day. On April 14, 2026, Microsoft added the old, vulnerable versions of psmounterex.sys to the Windows Vulnerable Driver Blocklist across Windows 10 22H2, all flavors of Windows 11, and Windows Server 2019, 2022, and 2025. Microsoft's published guidance: "we do not recommend uninstalling or pausing this update," and the driver "will remain on the Microsoft vulnerable driver blocklist." Macrium Reflect 8 hit end-of-life on February 27, 2026; the supported product is now Reflect X. Acronis, NinjaOne, and UrBackup users should check for current builds too — and take a test restore before trusting any backup. Sources: https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-backup-failures-caused-by-vulnerable-driver-block/ More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday. #cybersecurity #windows11 #backup