MilikMilik

KB5083769 Windows Update Breaks Popular Backup Tools—Here’s How to Keep Your Images Safe

What KB5083769 Changes and Why Backups Are Failing

The KB5083769 Windows update introduces a critical security change that unexpectedly leaves some backup software broken. As part of April’s cumulative release, Microsoft added the kernel driver psmounterex.sys to its Vulnerable Driver Blocklist, a curated list of drivers Windows refuses to load because attackers can abuse them. This particular driver is tied to CVE-2023-43896, a high-severity buffer overflow that enables local privilege escalation and arbitrary code execution. To close off “bring-your-own-vulnerable-driver” attacks, Microsoft now blocks psmounterex.sys on Windows 10, Windows 11, and Windows Server systems. The catch: multiple backup vendors depend on this shared mounting driver for image-mount backup operations. Once the blocklist is enforced, Windows silently prevents the driver from loading, so image-related tasks begin to fail even though the backup applications themselves have not changed, creating a sudden and confusing regression for administrators.

Which Backup Applications Are Affected and How Issues Appear

KB5083769’s driver block disrupts image-mount operations in several widely used backup platforms. Microsoft specifically calls out Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup as relying on psmounterex.sys for disk image mounting and snapshot handling. Image creation generally still completes, but failures surface when these tools attempt to mount or manage disk images through the blocked driver. Administrators report symptoms such as VSS snapshot timeouts, failed jobs, and errors like “The backup has failed because Microsoft VSS has timed out during the snapshot creation” or VSS_E_BAD_STATE. To confirm that the KB5083769 Windows update is the root cause, you can inspect Event Viewer. In the Code Integrity log, Event ID 3077 combined with Policy ID {D2BDA982-CCF6-4344-AC5B-0B44427B6816} shows psmounterex.sys being blocked, clearly linking the backup failures to the newly enforced driver blocklist rather than to application defects.

Why Microsoft Won’t Roll Back the Driver Block

Although the KB5083769 Windows update has left legitimate backup software broken in certain scenarios, Microsoft is unwilling to reverse the psmounterex.sys block. The driver’s buffer-overflow flaw provides exactly the kind of primitive threat actors and ransomware operators exploit to gain ring-zero code execution on otherwise fully patched machines. Attackers increasingly chain signed-but-vulnerable drivers into campaigns, bringing their own flawed kernel modules to bypass traditional defenses. To counter this trend, Microsoft periodically refreshes its Vulnerable Driver Blocklist and enforces it via App Control for Business policies that ship with modern Windows and Windows Server releases. In this context, backup disruptions are being treated as collateral damage of a necessary security fix, not as justification to weaken protection. As a result, Microsoft’s position is that the blocklist entry must remain, and remediation should come from backup vendors updating their driver stack rather than from reverting the security change.

Immediate Workarounds: Restoring Backup Reliability Safely

For organizations facing backup failures after installing KB5083769, the safest path is to apply the Macrium or Acronis fix, or the equivalent update from your vendor, as soon as it is available. Microsoft’s official guidance is clear: upgrade your backup software to a build that ships with the required driver protections instead of uninstalling or pausing the security update. Some administrators are experimenting with registry tweaks that temporarily disable enforcement of the blocklist for psmounterex.sys, but this effectively reopens the CVE-2023-43896 privilege-escalation hole and is not recommended. If you must restore image-mount backup functionality immediately and no patched build is available, a short-term option is to roll back or disable KB5083769 on non-critical machines, while isolating them and tightening other controls. However, this should be treated as a last resort and reversed as soon as a compatible backup software update is released.

Status of Vendor Fixes and What Administrators Should Do Next

Backup vendors are actively working on compatibility updates to resolve the fallout from the KB5083769 Windows update. Macrium, Acronis, UrBackup, and NinjaOne are preparing new builds that drop psmounterex.sys in favor of a non-blocklisted driver, restoring image-mount backup features without sacrificing kernel security. Until those builds arrive, administrators should closely monitor vendor advisories, subscribe to release notifications, and test any new versions in a staging environment before broad deployment. Meanwhile, watch your fleets for Event ID 3077 in Code Integrity logs to identify systems affected by the block. Given that April’s updates have triggered additional issues—such as Windows Server restart loops and BitLocker recovery prompts—treat this incident as a reminder to schedule cumulative updates, verify backup integrity, and validate restore procedures regularly. Your goal is to maintain both strong security posture and reliable, testable backups, even when critical patches introduce regressions.
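
The Event Viewer check and the fleet-wide monitoring described above, as an added PowerShell example that is not from the original article or from Microsoft: it queries the Code Integrity operational log for Event ID 3077 and keeps only the events that name psmounterex.sys. The function name, the 30-day look-back window and the log channel name Microsoft-Windows-CodeIntegrity/Operational are assumptions not stated in the article.

```powershell
# Added example: find Code Integrity blocks of psmounterex.sys (Event ID 3077).
# Run from an elevated session; remote hosts must allow remote event log access.
$DriverName = 'psmounterex.sys'
$PolicyId   = '{D2BDA982-CCF6-4344-AC5B-0B44427B6816}'  # policy ID quoted in the article

function Find-BlockedBackupDriver {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$Days = 30   # assumed look-back window
    )
    $filter = @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = 3077
        StartTime = (Get-Date).AddDays(-$Days)
    }
    foreach ($computer in $ComputerName) {
        $query = @{ FilterHashtable = $filter; ErrorAction = 'Stop' }
        if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
        try {
            $events = @(Get-WinEvent @query)
        } catch {
            # "No matching events" is a clean result; anything else is a failed query.
            $clean = $_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*'
            [pscustomobject]@{
                Computer = $computer
                Status   = if ($clean) { 'NoBlockEvents' } else { 'QueryFailed' }
                Blocks = 0; LastBlock = $null; PolicyMatch = $null
            }
            continue
        }
        # Match on the raw event XML so the check does not depend on field names.
        $hits = @($events | Where-Object { $_.ToXml() -match [regex]::Escape($DriverName) })
        $newest = $hits | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            Computer    = $computer
            Status      = if ($hits.Count) { 'DriverBlocked' } else { 'NoBlockEvents' }
            Blocks      = $hits.Count
            LastBlock   = if ($newest) { $newest.TimeCreated } else { $null }
            PolicyMatch = if ($newest) { $newest.ToXml() -match [regex]::Escape($PolicyId) } else { $null }
        }
    }
}

Find-BlockedBackupDriver | Format-Table -AutoSize
```

Pass `-ComputerName` with a list of hosts to sweep several machines. A `QueryFailed` row means the log could not be read, not that the host is unaffected.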
