Summary of the problem: Several third-party backup applications ceased to work after the April 2026 security update identified as KB5083769. Users and administrators report that the jobs using VSS (Volume Shadow Copy Service) fail with the error "The backup has failed because Microsoft VSS has timed out during the snapshot creation" on Windows 11 24H2 and 25H2. The products concerned include sales solutions known as Acronis, Macrium, NinjaOne and UrBackup, and some suppliers have already published technical notices and temporary guides.
Why VSS matters: Volume Shadow Copy Service is the Windows mechanism in charge of creating coherent system and data "snapshots" so that backup programs can copy blocked files or databases in use without corrupt them. When VSS fails or runs out of waiting time, the result is not just a failed copy task: it can be the silent loss of recent copies that recovery teams expect to find, compromising business continuity and RPO (recovery point targets).
What could be going on?(technical context): Although Microsoft had not disseminated a detailed explanation at the close of this note, symptoms point to a regression in how the update interacts with VSS providers or with the maximum time for snapshot creation. The snapshots that require more time (by high I / O, large volumes, or complex composition of suppliers) deplete the timeout and cause operating abortions that backup applications interpret as irreparable failures.
Operational and security impact: repeated backups failures degrade the restoration capacity; in addition, some suppliers indicate that affected equipment can disconnect from cloud consoles or appear to be "offline," which complicates remote monitoring. In a business environment this increases operational risk, and in environments with regulatory compliance may involve non-compliance if the compliant copies within required windows are not re-established.
Recommended immediate action: If you detect errors after installing KB5083769, check first the log of your backup solutions and confirm if the error corresponds to the VSS timeout. As a temporary measure and approved by several suppliers, you can uninstall the update from Settings > Windows Update > Update History > Related Settings > Uninstall updates, restart and pause updates until there is an official patch or communication. Before uninstall, document the system status and make a local copy of the records; after reversing, run a manual backup and, very important, a test restoration to validate integrity. See the supplier support note for your backup software (e.g., Acoris) and the Microsoft KB KB5083769 for official instructions and updates.
Short-term and medium-term mitigation measures: does not depend on a single copy strategy. Check that your policies include automatic restorative verification (regular restore tests), multiple retention (copies at different time points), and at least one offline copy or in removable media. In critical environments, consider running complementary copies outside the VSS scheme (e.g. block-level replication to native applications or storage snapshots) until the problem is solved. Keep inventory of agent versions and coordinate with your backup provider to apply hotfixes or recommended time settings.
Best practices for business environments: test updates in a laboratory that reproduces its topology and load before being deployed in production; automate alerts that detect backup failures and increase visibility on jobs that change to failed state; document a contingency plan that includes rapid reversal of critical patches and communication with stakeholders. To better understand the technical role of VSS and how it is used in Windows, you can consult Microsoft's official documentation on Volume Shadow Copy Service at VSS documentation.
What to expect from Microsoft and suppliers: Since there have already been other problems with April updates (including OOB corrections and BitLocker reports on servers), it is reasonable to expect patches or a KB update that will correct the interaction with VSS in the coming days or weeks. Activate the monitoring of Microsoft bulletins and support channels of your backup providers; install corrections only after validating them in controlled environments and confirming that restorations work.
Conclusion: the failure associated with KB5083769 underlines the need for prudent updating policies and previous tests, as well as the importance of verifying restorations and maintaining redundant backup strategies. If your business depends on backup for resilience, treat this incident as a reminder: the integrity of the copies is not guaranteed only by the execution of jobs, but by the proven ability to restore when needed most.
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
RAMPART and Clarity redefine the safety of IA agents with reproducible testing and governance from the start
Microsoft has presented two open source tools, RAMPART and Clarity, aimed at changing the way the safety of IA agents is tested: one that automates and standardizes technical te...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...