Microsoft's April 14, 2026 security update KB5083769 for Windows 11 versions 24H2 and 25H2 has triggered a wave of backup failures, leaving businesses and home users unable to create reliable system and file backups. The update, part of the April 2026 Patch Tuesday rollout, breaks Volume Shadow Copy Service (VSS) functionality across multiple backup applications, including Acronis Cyber Protect, Macrium Reflect, and the open-source UrBackup.

The fallout is immediate and widespread. System administrators flood support forums with reports of failed backup jobs that had been running smoothly for months. “Scheduled backups that ran flawlessly for over a year are now failing with VSS snapshot errors,” wrote one IT admin on the Windows Forum. Another posted: “KB5083769 killed our nightly Macrium image. Rolling back the update restores functionality, but I can’t leave servers unprotected.”

What Changed in KB5083769?

KB5083769 is a mandatory security update addressing a zero‑day privilege‑escalation vulnerability in the Windows kernel (CVE‑2026‑21845). While the security bulletin details fixes for the kernel and NTFS driver, it also includes non‑security improvements to Windows servicing stack and a long list of quality fixes. The side effect—broken VSS backups—was not documented in the original release notes, though backup vendors and power users quickly traced the regression to this package.

The precise root cause remains under investigation, but early analysis points to a change in how the Volume Shadow Copy drivers (volsnap.sys and swprv) handle write permissions during snapshot creation. The update enforces stricter integrity checks on the shadow copy storage area, which causes certain VSS writers—critical for database and application consistency—to time out or return an inconsistent state. The result is a cascade of VSS errors that leave backup applications unable to quiesce the file system, dooming the backup job.

Real‑World Impact

Affected users report a variety of error messages. Acronis Cyber Protect throws “Error 0x101FD: Failed to create volume snapshot” and advises checking VSS writers with vssadmin list writers. Macrium Reflect logs “Snapshot failure – VSS_E_WRITERERROR_TIMEOUT (0x80042306),” while UrBackup’s logs reveal “VSS snapshot set failed: unknown error (0x8004230F).” Veeam and Arcserve users who rely on application‑aware processing also confirm sporadic failures, though the primary reports center on Acronis, Macrium, and UrBackup.

The problem isn’t limited to enterprise environments. Home users with Windows 11 24H2/25H2 machines that automatically installed the update found their daily backups corrupted or incomplete. One Macrium user noted, “I noticed the backups were shrinking—turns out they were capturing only a fraction of the files. When I checked, VSS writers were in a failed state.”

Administrators of Hyper‑V hosts observed that guest VM backups that depend on host‑level VSS snapshots via the Hyper‑V VSS writer also fail. This extends the damage to virtualized workloads, compounding the urgency for a fix.

Vendor Responses and Workarounds

Acronis was among the first to acknowledge the issue. On April 16, the company published a knowledge base article (KB‑69025) advising customers to either uninstall KB5083769 or switch to Acronis’s proprietary “Snapshot for VSS” driver as a temporary mitigation. The driver bypasses the Windows VSS framework entirely, restoring backup capability but with a slight performance overhead and the loss of application‑level consistency for certain databases. Acronis engineering teams are working on a product update to natively handle the new VSS constraints.

Macrium issued a forum statement on April 15, recommending affected users postpone the Windows update if possible, or roll it back using the “Uninstall updates” feature in Settings > Windows Update > Update history. “We are collaborating with Microsoft to resolve the incompatibility,” a Macrium representative wrote. “In the interim, you can restore backup functionality by disabling the ‘VSS Snapshot’ option and using Macrium’s own CBT (Changed Block Tracking) driver for incremental backups, though this sacrifices backup consistency during open‑file operations.”

UrBackup, an open‑source client/server backup solution, saw its community rapid‑response team spring into action. A temporary patch (version 2.5.6‑dev3) was released that forces a retry mechanism with a longer timeout when VSS API calls fail. Early adopters report mixed results: backups eventually succeed, but snapshot creation can take up to ten minutes, rendering the workaround unsuitable for time‑sensitive environments. The project maintainers caution that the patch is experimental and should be tested in non‑production environments first.

Microsoft’s Position

As of publication, Microsoft has not updated the KB5083769 support article with any known issues related to VSS. The company typically acknowledges such regressions after internal reproduction and vendor escalation, which can take several days. A Microsoft support engineer, responding to a user on the Microsoft Community forum, stated: “We are investigating reports of backup application failures after installing KB5083769. More information will be posted in the Windows release health dashboard when available.”

History suggests that a fix will be bundled into the next cumulative update, possibly as early as the April out‑of‑band release if the pressure from enterprise customers and backup vendors intensifies. The previous VSS‑breaking incident, caused by KB5001330 in April 2021, took three weeks to resolve. Microsoft eventually fixed it in KB5001567, an emergency out‑of‑band patch.

Technical Deep‑Dive: Why VSS Broke

To understand the regression, one must look at the VSS architecture. VSS coordinates between requestors (backup apps), writers (applications like SQL Server, Exchange, or the system state), and providers (hardware or software snapshots). When a backup job starts, the requestor asks VSS to freeze (quiesce) all writers so that a consistent point‑in‑time copy can be made. The writers temporarily pause I/O, flush buffers, and signal readiness. If any writer fails to respond within 60 seconds or reports an error, the entire snapshot can fail.

KB5083769 apparently tightens the security descriptor on the \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy device namespace. This change is a defense against the privilege‑escalation bug, which allowed unprivileged users to manipulate shadow copies and execute arbitrary code in kernel mode. However, the tighter access control inadvertently blocks the necessary access modes that VSS writers and requestors require to enumerate and interact with shadow copies.

Analysis of Process Monitor traces from affected systems shows that the VSS service (and, by extension, the backup application) receives “Access Denied” when attempting to open the shadow copy device with the required SYNCHRONIZE right. The NTFS driver returns STATUS_ACCESS_DENIED, which the VSS writer infrastructure interprets as a hard failure rather than a retriable condition. This mismatch between security hardening and backward compatibility is a classic side effect of kernel‑mode fixes.

The affected binaries include volsnap.sys (version 10.0.26100.3410 from the update) and swprv.dll. The former manages shadow copy storage, while the latter is the software provider that creates and manages snapshots. In test environments where these binaries were reverted to the baseline versions from the March update, VSS functionality was restored, confirming the regression is contained within KB5083769.

Wider Implications for Windows 11 Reliability

This is the first major Patch Tuesday issue for Windows 11 2026, coming at a time when Microsoft is pushing aggressive security mandates for Windows 11 24H2 and the forthcoming 25H2. The incident echoes the turbulent update cycles of Windows 10 that dented user confidence in Windows Update’s quality assurance. For IT administrators who rely on monthly maintenance windows, an update that silently breaks backups can have catastrophic consequences if not caught before a data loss event.

Backup integrity is not merely a convenience; it is a foundational pillar of disaster recovery. When a security update breaks backup capability, organizations face a grim choice: stay vulnerable to the critical CVE‑2026‑21845 or risk operating without reliable backups. Some security teams argue that a known vulnerability that can be mitigated by network controls or endpoint detection is preferable to losing backup capability, but this calculus varies widely by industry.

What You Should Do Now

1. Verify Your Backup Status
Immediately check recent backup logs. If your backup software uses VSS, look for errors referencing snapshot failures, VSS writer timeouts, or NTFS access denied. On Windows, run vssadmin list writers in an elevated command prompt; if any writer shows a “Failed” or “Unstable” state, you are likely affected.

2. Consider Postponing KB5083769
For systems where backups are critical, you can temporarily pause the update using the “Show or hide updates” troubleshooter tool from Microsoft (wushowhide.diagcab) or by configuring a deferral policy in Windows Update for Business. This is not a long‑term strategy but buys time while fixes mature.

3. Uninstall the Update if Necessary
If backups have already begun to fail, you can remove KB5083769 via Settings > Windows Update > Update history > Uninstall updates. The system will revert to the previous build, restoring VSS functionality but also removing the security patch for CVE‑2026‑21845. Weigh this risk carefully. After uninstalling, pause Windows Updates for up to 35 days to prevent automatic re-installation.

4. Switch to Alternative Backup Methods
Many backup applications offer non‑VSS modes that do not rely on shadow copies. For file‑level backups, you can disable VSS and accept that open files may be skipped (common in simple home backup tools). For system imaging, some tools like Macrium Reflect can use the Windows ImageX API or their own CBT driver to create bare‑metal images without VSS, though you lose application consistency. For databases, consider scheduling native SQL dumps or Volume‑level snapshots if your storage subsystem supports them.

5. Monitor Vendor and Microsoft Channels
Keep an eye on the Windows release health dashboard (https://docs.microsoft.com/en-us/windows/release-health/), your backup vendor’s support site, and the Microsoft Known Issues page for KB5083769. A hotfix may appear within days.

The Road Ahead

Microsoft will almost certainly issue an out‑of‑band fix or incorporate the VSS regression into the May 2026 cumulative update. Backup vendors are rightfully pushing for an out‑of‑band release, given the severity of the breakage. In the meantime, the fallout serves as a stark reminder that even security‑focused updates can introduce mission‑critical regressions. For organizations, this episode underscores the necessity of testing updates in a staging environment that includes full backup and restore validation before allowing them into production.

The Windows 11 25H2 (2025 Update) is still in its early months of general availability, and such early‑life quality issues may dampen enthusiasm for Microsoft’s latest feature updates. Yet, with Patch Tuesday a monthly inevitability, the prudent path is to reinforce backup testing as a core part of update compliance. As one systems engineer put it: “Trust, but verify—your backups are only as good as your last restore. KB5083769 just turned that adage into a five‑alarm fire.”