A Registry hack exists that can disable the vulnerable driver blocklist. But proceed at your own risk.
Earlier today we reported on Microsoft’s latest Windows 11 updates (KB5083769 and KB5083631), which have introduced a change that prevents certain third-party backup applications from functioning correctly. The updates block drivers used by disk imaging software such as Macrium Reflect as it’s part of Microsoft’s vulnerable driver blocklist.
Specifically, the kernel driver psmounterex.sys, which enables mounting of backup images as virtual drives, is being flagged and blocked by the OS after the latest Windows 11 updates. Microsoft has stated that the restriction is intended to improve system security as the driver relies on kernel-level access that could pose risks if exploited. You can read about the whole thing in detail in our dedicated coverage here.
The issue has obviously drawn attention from users who rely on Macrium Reflect for system backups and recovery. Without the driver, the software cannot mount images, limiting its functionality; although strangely, as we mentioned before, Macrium had seemingly already patched its software against the CVE-2023-43896 vulnerability.
While Microsoft has not yet provided an official fix and has asked to wait for software update that adds the necessary protection, community discussions online have highlighted potential workarounds. On the Malwarebytes forum for example, users have shared a temporary solution using a Registry hack. The workaround involves disabling the vulnerable driver blocklist by running the following with elevated (as admin) privilege on the Command Prompt:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\CI\Config" /v VulnerableDriverBlocklistEnable /t REG_DWORD /d 0 /f
This will essentially set the value of VulnerableDriverBlocklistEnable to 0, a restart is required after this. However, this does put your system at risk so make sure to revert it back to 1 when you are done.
Joe Allen from the Macrium UK support team confirmed that Macrium is looking into the issue. In one of the app’s forum post discussing the issue, Allen said “psmounterex.sys is not used within Version X (10), this is why you would be able to mount images using X. This issue will only affect Version 8.1 users who have applied the latest Windows 11 update (KB5083769) We are continuing to investigate this further and will provide updates as more information becomes available”.
Source: Malwarebytes forum