Microsoft’s April 14, 2026 Patch Tuesday cumulative update KB5083769 is rolling out to Windows 11 24H2 and 25H2 systems. Shortly after its release, administrators and power users began reporting catastrophic failures in third-party backup solutions that rely on the Volume Shadow Copy Service (VSS). Acronis Cyber Protect Cloud, Macrium Reflect, Veeam Agent for Microsoft Windows, and other VSS-dependent tools are throwing cryptic errors, leaving critical data unprotected. The problem appears widespread, with dozens of threads on the Microsoft Community forums, Reddit’s r/sysadmin, and Spiceworks, yet Microsoft has not issued an official acknowledgment as of April 17, 2026.

The Problem: VSS Snapshot Creation Fails After KB5083769

After installing the cumulative update, users attempting a backup find that VSS snapshots fail to create. Event Viewer logs typically show VSS error 8193 or 12293, with the message “Volume Shadow Copy Service error: Unexpected error calling routine IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES.” Backup applications display their own front-facing errors: Acronis reports “Failed to create volume snapshot,” Macrium Reflect shows “Failed to initialize VSS,” and Veeam throws “VSS: Failed to prepare for snapshot.” Resetting the VSS configuration, re-registering DLLs, or rebooting does not resolve the issue.

The root cause appears to be a registry or driver change introduced by KB5083769 that corrupts the VSS writers or the underlying COM+ components. Some advanced users traced the breakage to a specific Windows Driver Foundation (WDF) modification affecting the volsnap.sys driver, which is critical for flush-and-hold writes. Others suspect a change in the way the update handles shadow copy provider registration, perhaps a security hardening that inadvertently blocks legitimate software.

Scope of the Damage: Who Is Affected?

KB5083769 is a non-optional security update and is being pushed automatically via Windows Update. It affects all Windows 11 editions running version 24H2 (OS Build 26100) or 25H2 (OS Build 26200). This includes Windows 11 Home, Pro, Enterprise, Education, and IoT. Server equivalents are not directly impacted, because Windows Server 2025 uses a different update channel. However, administrators running Windows 11 clients as makeshift backup repositories are hit hard.

The impact is especially severe for small businesses and professionals who rely on VSS-aware backup tools for daily protection. System restore—also VSS-powered—may be compromised, meaning that rolling back via System Restore points created after the update may fail. Volume shadow copies used by Previous Versions are also affected; users trying to restore files from a shadow copy encounter “The shadow copy provider had an error” alerts.

Not all backup applications use VSS. File-based backup tools that copy raw files (like robocopy scripts or some consumer-grade utilities) are unaffected. Similarly, backup software that uses proprietary snapshot mechanisms (e.g., image-level backups that bypass VSS) continues to function. The breakage specifically hits those that depend on the Microsoft shadow copy provider.

Community Reports and Technical Deep-Dive

On the Microsoft Community forum, a thread titled “KB5083769 killed my backups – VSS broken” has amassed over 800 replies in three days. Users share strikingly similar symptoms:

  • Event ID 8193 in the Application log with source VSS
  • Failed snapshot creation with hr = 0x80042306
  • volsnap.sys showing a code 39 error in Device Manager (driver cannot be loaded)
  • SFC /scannow reports no corruptions; DISM health checks return clean

One user, a backup administrator for a mid-sized law firm, detailed how their nightly Macrium Reflect jobs began failing without warning after the update installed automatically. They attempted the standard VSS fix drill—clearing the VSS DIFF area, resetting writers via vssadmin, and even performing a repair installation of Windows—to no avail. The only reliable fix was uninstalling KB5083769.

On Reddit, a contributor analyzed the registry: the CLSID for the VSS coordinator service (HKLM\SYSTEM\CurrentControlSet\Services\VSS\CLSID) appeared to have its permissions altered by the update, breaking COM activation. Restoring the default permissions (Full Control for SYSTEM, Administrators, and Network Service) resolved the issue for some, but not consistently. Another Redditor found that the volsnap.sys driver version jumped from 10.0.26100.1882 to 10.0.26200.2026 after KB5083769, and rolling back the driver manually restored functionality.

Microsoft’s Silence and the Pervasive Panic

As of April 17, 2026, Microsoft has not acknowledged the problem in the Known Issues section of KB5083769’s support article. The update’s page only mentions the usual security fixes and a minor reliability improvement for zip decompression. IT professionals express frustration that such a critical bug passed testing. The update underwent Insider testing for two weeks prior to release, yet the VSS regression did not surface—possibly because Insider machines tend to use Microsoft’s own backup solutions (like File History) which may not trigger the same VSS code path.

On Twitter, the official @WindowsUpdate account responded to a user complaint with a boilerplate “We recommend running the Windows Update Troubleshooter and contacting support,” drawing widespread criticism. Enterprise customers with Software Assurance tickets report that Microsoft’s Premier Support is collecting logs but has not provided a timeline for a fix.

Workarounds: Regaining Backup Capabilities

Until Microsoft re-releases KB5083769 or ships an out-of-band hotfix, affected users have several workarounds, each with its own risks.

1. Uninstall KB5083769

The simplest approach is to remove the update. Open Settings > Windows Update > Update history > Uninstall updates. Locate KB5083769, select Uninstall, and reboot. After removal, VSS functionality returns immediately. To prevent the update from reinstalling automatically, you can pause updates for up to 35 days (Settings > Windows Update > Pause for 5 weeks) or use the wushowhide.diagcab troubleshooter to hide the update. This is a temporary measure; you will miss all security patches bundled in the cumulative update, leaving your system exposed to dozens of critical vulnerabilities patched on April 14.

2. Switch to a Non-VSS Backup Method

If you cannot uninstall the update, consider using backup software that does not rely on VSS. Options include:
- Windows File History: Although it uses VSS for snapshotting, some reports indicate it may work because it uses a different VSS writer. If not, you can resort to manual file copies.
- Robocopy/Scripts: Create a scheduled task that runs robocopy to mirror critical folders to an external drive. This lacks incremental snapshots but preserves data.
- Third-party file-level backups: Acronis and Macrium both offer “file backup” modes that are VSS-independent when you disable snapshot creation. Check your application’s documentation.

3. Manually Fix VSS Permissions (Advanced)

For those comfortable with the registry, you can try resetting the CLSID permissions as discovered in community discussions:
1. Open Regedit and navigate to HKLM\SYSTEM\CurrentControlSet\Services\VSS.
2. Right-click the key and select Permissions.
3. Ensure SYSTEM, Administrators, and Network Service have Full Control.
4. Click Advanced and make sure the “Replace all child object permissions” option is not inadvertently set.
5. Reboot and test VSS with vssadmin list writers.

This method works for some configurations but not all. Alternatively, replacing the volsnap.sys driver with a pre-update version (extracted from a 24H2 ISO) has been reported to fix the issue; however, this is unsupported and may lead to system instability.
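
An added example (not part of the original article and not Microsoft's code) that audits, without modifying anything, whether the three principals from step 3 hold Full Control on the key from step 1, so the ACL can be compared before and after the update. The helper name Test-VssKeyAcl is an assumption.

```powershell
# Added example: read-only audit of the ACL on the VSS service key from step 1.
# It changes nothing; Test-VssKeyAcl is a hypothetical helper name.
$keyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\VSS'
# Principals listed in step 3, as well-known SIDs so the check is language-neutral.
$expected = [ordered]@{
    'S-1-5-18'     = 'SYSTEM'
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-20'     = 'Network Service'
}
$sidType     = [System.Security.Principal.SecurityIdentifier]
$fullControl = [System.Security.AccessControl.RegistryRights]::FullControl
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Test-VssKeyAcl {
    param([System.Security.AccessControl.RegistrySecurity]$Acl = (Get-Acl -Path $keyPath))
    # Explicit and inherited rules with SIDs as identities; inherit-only ACEs
    # apply to subkeys only, so they are ignored for this key.
    $rules = $Acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { -not $_.PropagationFlags.HasFlag($inheritOnly) }
    foreach ($sid in $expected.Keys) {
        $mine  = @($rules | Where-Object { $_.IdentityReference.Value -eq $sid })
        $allow = @($mine | Where-Object {
            $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $fullControl) -eq $fullControl })
        [pscustomobject]@{
            Principal   = $expected[$sid]
            FullControl = $allow.Count -gt 0
            Inherited   = @($allow | Where-Object IsInherited).Count -gt 0
            DenyPresent = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' }).Count -gt 0
        }
    }
}

$acl = Get-Acl -Path $keyPath
"Owner: $($acl.Owner)  Inheritance blocked: $($acl.AreAccessRulesProtected)"
Test-VssKeyAcl -Acl $acl | Format-Table -AutoSize
```

Saving the output before changing any permission gives a record to compare against if the manual fix has to be reverted.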

4. Wait for a Fix (While Running Without Backups)

If you have a secondary backup strategy (cloud sync, daily offline copies), you can wait for Microsoft’s fix. Check the KB5083769 support article daily for updates. Historically, Microsoft resolves such regressions within two to four weeks, often via a Known Issue Rollback (KIR) that doesn’t require a new update download.

How to Check If Your System Is Vulnerable

Before performing a backup, verify VSS health:
1. Open an elevated Command Prompt or PowerShell.
2. Run vssadmin list writers.
3. If all writers show “Stable” with no errors, VSS is healthy. If any writer shows “Failed,” note the name.
4. Run vssadmin list shadows to see existing shadow copies. Try creating a new shadow copy: vssadmin create shadow /for=C: (replace C: with your system drive). If it fails with error 0x80042306, you are affected.
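
An added example (not from the original article or from Microsoft) that gathers the indicators this article lists into one triage result: whether the KB is installed, the volsnap.sys file version, writer states, and recent VSS events 8193/12293. The optional test snapshot goes through the WMI Win32_ShadowCopy class because vssadmin create shadow is only offered on Windows Server editions; the function names, the 7-day window, and English vssadmin output are assumptions.

```powershell
# Added example: VSS triage for the indicators listed in this article. Run elevated.
# Function names and the 7-day look-back window are assumptions.
$testSnapshot = $false   # set to $true to also create and delete one test shadow copy

function Get-VssWriterState {
    # Parse `vssadmin list writers` (English output assumed) into objects.
    param([string[]]$Lines = (vssadmin list writers))
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match "^Writer name:\s*'(.+)'") {
            if ($current) { $current }
            $current = [pscustomobject]@{ Name = $Matches[1]; State = ''; LastError = '' }
        } elseif ($current -and $line -match '^\s+State:\s*\[\d+\]\s*(.+?)\s*$') {
            $current.State = $Matches[1]
        } elseif ($current -and $line -match '^\s+Last error:\s*(.+?)\s*$') {
            $current.LastError = $Matches[1]
        }
    }
    if ($current) { $current }
}

function Test-VssSnapshot {
    # Create one shadow copy through WMI, delete it again, and return the WMI
    # ReturnValue (0 = success) or the exception message if the call throws.
    param([string]$Volume = "$env:SystemDrive\")
    try {
        $r = Invoke-CimMethod -ClassName Win32_ShadowCopy -MethodName Create -Arguments @{
            Volume = $Volume; Context = 'ClientAccessible' } -ErrorAction Stop
        if ($r.ReturnValue -eq 0) {
            Get-CimInstance Win32_ShadowCopy -Filter "ID='$($r.ShadowID)'" | Remove-CimInstance
        }
        $r.ReturnValue
    } catch { $_.Exception.Message }
}

$v       = (Get-Item "$env:SystemRoot\System32\drivers\volsnap.sys").VersionInfo
$writers = @(Get-VssWriterState)
$events  = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'VSS'; Id = 8193, 12293
    StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue)

[pscustomobject]@{
    KbInstalled      = [bool](Get-HotFix -Id 'KB5083769' -ErrorAction SilentlyContinue)
    VolsnapVersion   = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart
    WriterCount      = $writers.Count
    UnhealthyWriters = @($writers | Where-Object { $_.State -ne 'Stable' -or $_.LastError -ne 'No error' }).Name
    VssErrorEvents   = $events.Count
    SnapshotResult   = if ($testSnapshot) { Test-VssSnapshot } else { 'skipped' }
}
```

With $testSnapshot left at $false the script only reads state, which makes it suitable as a detection step run across many endpoints.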

Impact on Enterprise and MSP Environments

Managed Service Providers (MSPs) using RMM tools to orchestrate backups across client Windows 11 endpoints are facing a cascade of failure notifications. Datto RMM users report that their daily backup checks are generating hundreds of alerts. N-able Backup (formerly SolarWinds Backup) users see similar VSS failures. Service desks are inundated with tickets. Some MSPs have resorted to using group policy to block KB5083769 via WSUS or Configuration Manager, but for clients with direct internet connections, the update was often installed before the policy took effect.

Enterprises using Microsoft Intune to manage Windows 11 can deploy a custom PowerShell script to detect the KB and uninstall it, combined with a Deferral policy to pause updates. However, leaving endpoints unpatched creates a security compliance risk that may violate internal or regulatory policies.

Expert Analysis: Why Did This Happen?

Security hardening updates frequently touch kernel-mode drivers and COM activation. KB5083769’s security fixes reportedly included mitigations for an I/O ring vulnerability (CVE-2026-XXXXX) that involved tightening the volsnap driver’s handling of flush-and-hold write requests. It is plausible that the driver’s new signature or behavior conflicted with the VSS provider’s assumptions. Additionally, the update possibly included changes to the COM+ system to prevent privilege escalation, which inadvertently reset the launch and activation permissions for the VSS coordinator CLSID. These kinds of regressions are not uncommon; the July 2023 Patch Tuesday update broke Windows LAPS for many customers in a similar vein.

Microsoft’s quality assurance gaps have been a frequent topic in the community. The Windows Insider program, while massive, cannot replicate every hardware and software combination. Backup tools that integrate deeply with VSS often use custom code to trigger snapshots, and such code paths may not be exercised in automated testing.

What Should Microsoft Do?

Industry watchers urge Microsoft to release a Known Issue Rollback immediately. A KIR is a configuration change that can be deployed silently to revert a specific fix without altering the update payload. This would restore VSS functionality while keeping other security patches active. Failing that, an out-of-band update should be issued. Historically, Microsoft has taken between 48 hours and three weeks to address such regressions. The longer the delay, the more users will resort to disabling updates entirely, defeating the purpose of Patch Tuesday.

Practical Guidance for Windows 11 Users

If you rely on VSS backups, do not install KB5083769 until Microsoft clarifies the situation. To check whether it has already been installed, go to Settings > Windows Update > Update history. If you see KB5083769 under “Quality Updates,” take action immediately:
- Run vssadmin list writers to confirm whether your system is affected.
- If writers are failing, choose a workaround based on your risk tolerance.
- Monitor the KB article (support.microsoft.com/kb/5083769) for an update.

For organizations, communicate the risk to all Windows 11 users and disable automatic updates via Group Policy or MDM until a fix is verified. Require users to perform manual file copies to a network share as an interim measure. Review security controls: if workstations remain unpatched, isolate them from sensitive network segments or enhance endpoint detection and response (EDR) coverage.

The Bigger Picture: Regression Testing in Cumulative Updates

This incident underscores the tension between rapid security patching and stability. By bundling security fixes and reliability improvements into monolithic cumulative updates, Microsoft forces organizations to accept all changes or none. A modular updating approach, as envisioned in Windows UUP (Unified Update Platform), promised finer-grained control but has not materialized at scale. Third-party backup vendors have long requested early access to cumulative updates for validation, yet Microsoft’s security embargoes often prevent pre-release distribution to ISVs.

Some voices in the community call for a return to individual patches that can be selectively applied, but Microsoft argues that cumulative updates reduce fragmentation and simplify servicing. The balance will likely continue to be debated as long as these regressions occur.

Closing Thoughts

KB5083769 is a stark reminder that every Patch Tuesday carries risk. Backup systems are the last line of defense; when an update breaks them, it creates a perfect storm where data is exposed to both ransomware and accidental deletion. Until Microsoft addresses the VSS regression, Windows 11 users must weigh the urgency of security patches against the certainty of broken backups. We will update this article as soon as an official fix or acknowledgment is released.

For immediate assistance, affected users can share their experience and find community-verified workarounds in the official Microsoft Community thread and the Reddit r/windows11 subreddit.