Skip to end of metadata
Go to start of metadata


psmounterex.sys is a kernel mode driver that enables Macrium backups to be mounted and accessed by file explorer as a 'virtual drive'.


This issue regards being able to craft input such that a non-elevated process could gain access to kernel space memory outside that used by the mounting operation. This would enable a carefully crafted non-elevated process to trigger a system crash. Theoretically this class of flaw could be used as a privilege escalation attack stepping stone by a sophisticated actor.

This issue has been fixed in :

EditionBuildDateRelease Notes
Macrium Reflect Home, Workstation, Server, Server Plusv8.1.76759th October 2023____________________
Macrium Reflect Free Editionv8.0.769011th October 2023
Macrium Site Managerv8.1.769516th October 2023Release Notes

We encourage all users of Macrium Reflect or Macrium Site Manager to update at the earliest opportunity.


We thank Northwave Cybersecurity for bringing this to our attention:

  • No labels