Windows 11 KB5083769 is breaking Acronis, Macrium, and other backup apps

Windows 11's April 2026 cumulative update KB5083769 is breaking third-party backup applications on systems running 24H2 and 25H2, and Microsoft has now confirmed why. The update adds known vulnerable kernel drivers to the Microsoft vulnerable driver blocklist, and one of the affected drivers sits inside Macrium Reflect, Acronis Cyber Protect Cloud, NinjaOne Backup, and UrBackup Server.

The specific driver at the centre of the problem is psmounterex.sys, used by Macrium. Reflect and several other backup tools to mount backup images as virtual drives. Once Windows code integrity enforcement blocks the driver from loading, the backup application can no longer mount or browse images, and snapshot creation fails. The error message users are seeing reads: "The backup has failed because Microsoft VSS has timed out during the snapshot creation" or "VSS_E_BAD_STATE". Both errors point to the same underlying cause: Windows is blocking the driver before the backup can complete.

Why Microsoft blocked it

Microsoft's official statement frames the change as intentional security hardening, not a bug. The company says psmounterex.sys contains known vulnerabilities that could be used to load a malicious kernel driver on an otherwise protected system. Adding it to the blocklist closes that route. The practical problem is that the change arrived through a routine Patch Tuesday update with no advance warning to backup vendors, leaving customers in the position of discovering the failure only after a backup job silently stopped completing.

Acronis has confirmed its Cyber Protect Cloud product is affected and described failures where "the affected machine may also lose connectivity with the cloud console and appear offline." The same driver block also applies to KB5083631, the optional May 1 preview update, so updating to the newer build does not resolve the problem.

What to do right now

The immediate workaround from BleepingComputer and affected vendors is to uninstall KB5083769 from Settings, then Windows Update, then Update history, then Uninstall updates. Pause Windows updates after removal and reboot. This restores backup functionality but removes the April 2026 security patches, including the fix for the actively exploited CVE-2026-32202 Windows Shell zero-day that Notebookcheck covered last week. Users who choose to uninstall should be aware of that trade-off.

The permanent fix requires backup vendors to update their kernel drivers. Macrium has said an update is in development. Microsoft has not confirmed a timeline for an out-of-band fix. Until a vendor update is available, affected users should check backup job history for any jobs that ran after April 14 and verify that their last successful image was completed before KB5083769 was installed.

This is another significant problem tied to KB5083769. Notebookcheck previously covered the boot loop issue affecting HP and Dell machines and Microsoft's simultaneous push to force-upgrade Windows 11 24H2 users to 25H2.