May 04, 2026criticalzero-day

alert ≥ mentions

…

Microsoft confirms April Windows updates cause backup failures

Microsoft has confirmed that the April 2026 security updates are causing failures in third-party backup applications using the psmounterex.sys driver.

what's affectedthird-party backup applications using the psmounterex

mitigation statusMonitoring updates

first reportedMay 04, 2026

Ops Pack

triage-ready iocs + detections

fresh

IOC Workbench

typed indicators with fast copy and export actions

3 total

uhttps://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-backup-failures-caused-by-vulnerable-driver-block/

dpsmounterex.sys

dwww.bleepingcomputer.com

3 indicators staged for handoff.

Rule Studio

starter detections generated from this IOC set

2 formats

!Draft output: validate and tune before production rollout.

sigmadraft

title: AHackaday IOC starter detection id: ahackaday-2026-05-04-microsoft-confirms-april-windows-updates-cause-backup-failures-ec35a0d2 description: IOC starter rule for Microsoft confirms April Windows updates cause backup failures status: experimental author: ahackaday logsource: product: network detection: selection_iocs: - "https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-backup-failures-caused-by-vulnerable-driver-block/" - "psmounterex.sys" - "www.bleepingcomputer.com" condition: selection_iocs falsepositives: - unknown level: high

coverage

yaradraft

rule ahackaday_2026_05_04_microsoft_confirms_april_windows_updates_cause_backup_failures_ec35a0d2 { meta: description = "IOC starter for Microsoft confirms April Windows updates cause backup failures" author = "ahackaday" strings: $ioc1 = "https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-backup-failures-caused-by-vulnerable-driver-block/" nocase $ioc2 = "psmounterex.sys" nocase $ioc3 = "www.bleepingcomputer.com" nocase condition: any of them }

coverage

Response Tracks

fast operational tracks from this incident snapshot

4 tracks

source-backed 1 refs

discussion

0 comments

Loading comments…

audit trail / provenance3

Provenance

Claims tie surfaced fields back to sources, models, or heuristics.

severity.upliftheuristicn/a
CVE or advisory identifiers detected — floor raised to at least high.
severity.upliftheuristicn/a
Active exploitation / in-the-wild language detected — floor raised to at least high.
severity.upliftheuristicn/a
Combined zero-day/exploit + ransomware/mass-impact signals → critical.

What changed

Append-only revisions when ingest or analysts evolve the record.

No revision rows stored yet.

Sources

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-backup-failures-caused-by-vulnerable-driver-block/

Curated May 04, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.

back to feed

May 04, 2026criticalzero-day

alert ≥ mentions

…

Microsoft confirms April Windows updates cause backup failures

Microsoft has confirmed that the April 2026 security updates are causing failures in third-party backup applications using the psmounterex.sys driver.

what's affectedthird-party backup applications using the psmounterex

mitigation statusMonitoring updates

first reportedMay 04, 2026

Ops Pack

triage-ready iocs + detections

fresh

IOC Workbench

typed indicators with fast copy and export actions

3 total

uhttps://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-backup-failures-caused-by-vulnerable-driver-block/

dpsmounterex.sys

dwww.bleepingcomputer.com

3 indicators staged for handoff.

Rule Studio

starter detections generated from this IOC set

2 formats

!Draft output: validate and tune before production rollout.

sigmadraft

coverage

yaradraft

coverage

Response Tracks

fast operational tracks from this incident snapshot

4 tracks

source-backed 1 refs

discussion

0 comments

Loading comments…

audit trail / provenance3

Provenance

Claims tie surfaced fields back to sources, models, or heuristics.

severity.upliftheuristicn/a
CVE or advisory identifiers detected — floor raised to at least high.
severity.upliftheuristicn/a
Active exploitation / in-the-wild language detected — floor raised to at least high.
severity.upliftheuristicn/a
Combined zero-day/exploit + ransomware/mass-impact signals → critical.

What changed

Append-only revisions when ingest or analysts evolve the record.

No revision rows stored yet.

Sources

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-backup-failures-caused-by-vulnerable-driver-block/

Curated May 04, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.

Microsoft confirms April Windows updates cause backup failures

discussion

Provenance

What changed

Sources

social pulse

Microsoft confirms April Windows updates cause backup failures

discussion

Provenance

What changed

Sources

social pulse