
Microsoft Blocks Macrium Reflect Driver in Windows 11 Updates

Severity: Medium (Score: 54.9)

Sources: updates.macrium.com, forum.macrium.com, Neowin, forums.malwarebytes.com

Summary

On May 2, 2026, Microsoft confirmed that its recent Windows 11 updates (KB5083769 and KB5083631) block the Macrium Reflect driver, psmounterex.sys, as part of its vulnerable driver blocklist. This action is a response to the discovery of a vulnerability (CVE-2023-43896) in versions 8.1.7544 and below of Macrium Reflect, which could allow attackers to execute arbitrary code. Users of Macrium Reflect are affected as the updates prevent the software from mounting or managing disk images, leading to backup failures. Microsoft has advised users to check their event logs for indications of the blocked driver and has not yet provided an official fix.

Community discussions have surfaced a temporary workaround involving a Registry hack to disable the blocklist, although this poses security risks. Macrium's support team confirmed that only users of Version 8.1 are impacted, as newer versions do not utilize the blocked driver. The situation remains under investigation, with users advised to monitor for updates.

Key Points

  • Microsoft's updates block the Macrium Reflect driver due to a known vulnerability.
  • Affected users cannot mount disk images, limiting backup functionality.
  • A temporary Registry hack workaround exists but increases security risks.

Key Entities

  • Macrium (company)
  • Microsoft (company)
  • CVE-2023-43896 (cve)
  • CWE-787 - Out-of-bounds Write (cwe)
  • T1059.003 - Windows Command Shell (mitre_attack)
  • T1547 - Boot or Logon Autostart Execution (mitre_attack)
  • Windows (platform)
  • Windows 11 (platform)