Microsoft’s April 14, 2026 cumulative update for Windows 11, identified as KB5083769, is causing widespread failures in third-party backup applications that rely on the Volume Shadow Copy Service (VSS). The issue affects systems running both the 24H2 and the newly deployed 25H2 builds, sparking urgent calls from IT administrators and software vendors to roll back the patch and rigorously test recovery procedures. While official documentation is still emerging, early reports indicate that backup jobs either hang, fail silently, or produce incomplete snapshots—leaving data unprotected against hardware failure, ransomware, or accidental deletion.

What is the Volume Shadow Copy Service and Why It Matters

VSS is a Windows framework introduced in Windows XP that allows applications to create point-in-time snapshots—called shadow copies—of one or more volumes. These snapshots capture file system state consistently, even while files are in use, enabling backup software to copy open or locked files without disrupting operations. The service coordinates between requestors (backup apps), writers (applications like SQL Server or Exchange that flush data to disk), and providers (hardware or software snapshot mechanisms).

Without a functioning VSS, backup tools cannot reliably capture consistent data. For databases, this means backups may contain partially written transactions, leading to corruption on restore. For simple file backups, it can result in skipped or truncated files. In enterprise environments, a broken VSS silently undermines disaster recovery plans, often going unnoticed until a restore is attempted—and fails.

The KB5083769 Update: What We Know

KB5083769 arrived as part of Microsoft’s April 2026 Patch Tuesday cycle. While the update’s release notes typically list security fixes and quality improvements, this particular rollout has been marred by reports of immediate VSS disruption. The root cause remains unclear: it could be an altered system file, a changed registry permission, or a compatibility shim that inadvertently affects the VSS infrastructure. What is clear is that multiple backup vendors have independently confirmed the breakage on Windows 11 24H2 and 25H2 after applying KB5083769.

One vendor’s alert, shared on community forums, warned that “all snapshot-based backups may fail or produce unusable recovery points.” Another noted that their software’s built-in VSS health checks now return critical errors immediately after the update. These signals point to a systemic problem rather than an isolated configuration conflict.

The affected builds (24H2 and 25H2) represent the latest Windows 11 feature updates, which many organizations delayed deploying until stability was assured. Now, those who rushed to adopt 25H2 for its performance enhancements face a new dilemma: accept broken backups or roll back to a previous, potentially less secure state.

Impact on Users and Vendors

For individual users relying on local backup software like Macrium Reflect, Veeam Agent for Windows, or Acronis, the failure is often obscure. Backups appear to complete, but the resulting restore points may be incomplete. Worse, some tools rely on periodic VSS snapshots to create incremental backups; if the snapshot service fails silently, entire backup chains become corrupted without the user’s knowledge.

In enterprises, the implications are stark. IT teams tasked with maintaining recoverable mailboxes, databases, and virtual machines must urgently verify that their backup regimes haven’t been compromised. Some administrators have resorted to pausing all updates and isolating affected machines while they test disaster recovery procedures—a costly and time-consuming diversion.

Backup vendors are scrambling. Several have posted knowledge base articles detailing temporary workarounds, such as using legacy backup methods that bypass VSS or encouraging users to uninstall KB5083769 immediately. However, these workarounds carry their own risks: bypassing VSS may prevent consistent backup of open files, and uninstalling a security update can expose systems to patched vulnerabilities.

The broader tech community has echoed these concerns. On forums like Reddit’s r/sysadmin and Microsoft’s Tech Community, threads quickly filled with admins sharing their experiences and temporary fixes. “We rolled back the update on our 200+ workstations,” one user posted. “Better to be unpatched for a few days than to have no working backups.”

How to Roll Back the Update

Organizations that have already deployed KB5083769 and confirmed VSS failures should consider immediate rollback. The process differs slightly between standalone machines and those managed via WSUS or Intune.

Manual Uninstall

For a single machine, navigate to Settings → Windows Update → Update history → Uninstall updates, locate KB5083769, and select Uninstall. The system will require a restart. This action removes the problematic patch but also eliminates its security fixes, so plan to reapply a corrected update once Microsoft releases one.

Using Command Line

Administrators can script removal across multiple devices with:

wusa /uninstall /kb:5083769 /quiet /forcerestart

This approach is efficient but necessitates thorough testing to confirm the uninstall completed successfully and that VSS functionality is restored.

Known Issue Rollback (KIR)

Microsoft sometimes deploys a KIR to instantly revert a problematic change without a full uninstall. If a KIR becomes available for KB5083769 (check the update’s known issues page), applying it is the least disruptive fix, as it leaves security patches intact while disabling the specific fix causing VSS trouble. Until then, manual uninstallation remains the primary remedy.

Group Policy to Block the Update

To prevent KB5083769 from reinstalling, configure Group Policy to block the specific update. In the Group Policy Editor, navigate to Computer Configuration → Administrative Templates → Windows Components → Windows Update → Manage updates offered from Windows Update, enable “Do not include drivers with Windows Updates” (if applicable), and more specifically, use the “Specify target Version for Windows client service” to keep devices on a pre-25H2 build, or use an update deferral policy. Note that blocking a security update should only be a short-term measure.

Test Recovery Before It’s Too Late

This incident underscores a painful lesson: backups are worthless without regular, verified restore tests. IT teams should immediately:

  • Inventory backup health: Run a VSS admin command (vssadmin list shadows) to check for recent snapshots. If no shadows exist or they show errors, the backup chain may be broken.
  • Attempt a test restore: Choose random files and databases from backup sets created after the KB5083769 installation. Restore them to an isolated location and verify integrity. For SQL databases, run DBCC CHECKDB. For Exchange, mount a recovered database in a test environment.
  • Audit backup software logs: Look for VSS-related errors such as event ID 12293 (VSS time-out) or 8193 (VSS writer error). Correlate timestamps with the update installation.
  • Communicate with vendors: Open support tickets with your backup vendor to get validated workarounds and ensure you’re using the latest compatible version. Some vendors may release hotfixes that work around the VSS issue even before Microsoft’s official patch.
  • Review disaster recovery plans: If backups have been silently corrupted for days, you may need to fall back to earlier, pre-update snapshots. Confirm that those exist and are intact.

Looking Ahead

Microsoft has historically addressed such issues within a few weeks, either by issuing an out-of-band update, a Known Issue Rollback, or by releasing a revised cumulative update on the second Tuesday of the following month. However, the complexity of VSS interactions with various drivers and services means a thorough investigation is necessary to avoid creating new problems.

In the meantime, the incident reinforces the critical role of patch testing. Organizations running Windows 11 24H2 or 25H2 should maintain a staggered deployment strategy: a pilot group of diverse hardware receives updates first, and only after a week of stability testing does the update roll out broadly. This practice, while cumbersome, catches regressions like KB5083769 before they impact production backup infrastructure.

For individuals, the advice is straightforward: if you depend on VSS-based backup tools, delay KB5083769 until Microsoft acknowledges and resolves the issue. If already installed, uninstall it and verify your backups immediately. The few days of exposure to patched vulnerabilities are a calculated risk compared to the certainty of broken backups.

As of now, no official fix exists. Keep an eye on the Windows release health dashboard for KB5083769, and subscribe to your backup vendor’s alerts. In enterprise IT, proactive defense means more than just applying patches—it means knowing when not to.