Microsoft’s August cumulative (KB5063878) has been tied to a narrow but serious class of SSD failures and strange slowdowns — and while community researchers now point to pre‑release engineering firmware on some drives as a plausible trigger, the broader evidence remains mixed and important questions about reproducibility, vendor disclosure, and risk mitigation are still unresolved. (bleepingcomputer.com)
Windows Update delivered KB5063878 as the August 2025 cumulative for Windows 11 24H2 (OS Build 26100.4946). Within days of the rollout, hobbyist testers and specialist outlets began documenting a reproducible failure profile: during sustained, large sequential writes — commonly reported around the ~50 GB mark and on drives already roughly 50–60% full — target NVMe SSDs could become unresponsive, disappear from the operating system, and in some cases show corrupted or unreadable SMART/controller telemetry. Reboots sometimes restored device visibility; other times the drive would not re‑enumerate without reformat or vendor repair. (tomshardware.com)
That observable fingerprint — disappearance mid‑write, unreadable controller telemetry, and occasional unrecoverable state — is what turned a handful of anecdotal posts into a coordinated industry investigation. Community reproductions, aggregated lists and forum collations were central to moving this from a single thread into a cross‑vendor issue that drew Microsoft and SSD controller makers into dialogue.
According to community posts cited in specialist coverage, a Facebook group of system builders and DIYers (PCDIY!) flagged an unusual common factor in failing drives: several of the affected units were running pre‑final engineering firmware — internal, pre‑release images that were not intended for retail customers. Those builds, the claim goes, can contain incomplete logic paths or debug hooks that behave correctly in standard lab testing but fail under altered host timing or large sequential write stress introduced by a platform change. WindowsReport relayed that PCDIY! group admin Rose Lee described lab confirmation from Phison engineers validating that some failing drives used engineering firmware. That account, if accurate, provides a concrete mechanism for how a host update could expose latent controller fragility while remaining invisible in broad vendor testing. (windowsreport.com)
Caveat and verification status: this specific claim — that pre‑release engineering firmware was the root cause and that Phison “confirmed” it in lab — is currently documented mostly in community posts and selective reporting. Major vendor statements (Phison’s public testing summary) emphasize they were unable to reproduce failures, and mainstream outlets relaying Phison and Microsoft positions report no concrete telemetry link. The engineering‑firmware explanation is plausible, technically coherent, and alarming if true — but it remains incompletely corroborated in publicly verifiable vendor documentation. Treat the engineering‑firmware hypothesis as an important working lead, not a closed, vendor‑verified root cause. (neowin.net, theverge.com)
Key technical mechanisms that make these failures plausible:
For end users, the correct posture is pragmatic caution: protect your data, avoid risky workloads while the investigation continues, apply only vendor‑validated firmware updates, and engage vendor support if you see failures. For vendors and platform teams, the episode reinforces the need for stronger firmware provenance controls, wider stress‑testing against realistic host workloads, and clearer communication channels when edge failures emerge. Until vendors publish a transparent, auditable root‑cause report or issue targeted firmware fixes, the conservative approach — staged updates, backups, and small‑batch stress testing — is the safest path forward. (neowin.net, bleepingcomputer.com)
Conclusion: the danger is real for a small subset of users; the systemic scale is disputed by vendor telemetry; and a definitive technical assignment of blame awaits fuller public disclosure from the SSD vendors and Microsoft. In the meantime, protect your data and treat large writes with care.
Source: Windows Report Here's possibly why Windows 11 KB5063878 is breaking SSDs
Windows Update delivered KB5063878 as the August 2025 cumulative for Windows 11 24H2 (OS Build 26100.4946). Within days of the rollout, hobbyist testers and specialist outlets began documenting a reproducible failure profile: during sustained, large sequential writes — commonly reported around the ~50 GB mark and on drives already roughly 50–60% full — target NVMe SSDs could become unresponsive, disappear from the operating system, and in some cases show corrupted or unreadable SMART/controller telemetry. Reboots sometimes restored device visibility; other times the drive would not re‑enumerate without reformat or vendor repair. (tomshardware.com)That observable fingerprint — disappearance mid‑write, unreadable controller telemetry, and occasional unrecoverable state — is what turned a handful of anecdotal posts into a coordinated industry investigation. Community reproductions, aggregated lists and forum collations were central to moving this from a single thread into a cross‑vendor issue that drew Microsoft and SSD controller makers into dialogue.
What people actually observed
Symptom profile (the consistent, reproducible piece)
- Drives disappear from File Explorer, Disk Management and Device Manager during long, continuous writes.
- Vendor utilities and SMART readers sometimes fail to query the device or report unreadable telemetry.
- Files written during the failure window are at risk of truncation or corruption.
- A reboot frequently restores visibility but does not guarantee integrity of newly written data; a minority of cases never recover without vendor intervention. (tomshardware.com)
Which hardware was over‑represented
Early collations named a mixed set of consumer NVMe models and controller families. Drives cited repeatedly in community tests included SKUs from Corsair, SanDisk, Kioxia, and others — and Phison controller families showed up often in reproductions. That over‑representation is a signal, not proof of universal failure across Phison silicon; tests implicated other controllers as well, meaning the root issue may be an interaction between host behavior and certain firmware revisions. (tomshardware.com)The vendor and platform responses
- Microsoft opened an investigation and asked affected customers to submit diagnostic details while saying it could not reproduce the problem uniformly across test systems. After review, Microsoft reported it had “found no connection” between KB5063878 and a measurable increase in drive failures in telemetry, while continuing to monitor reports. (bleepingcomputer.com)
- Phison initially acknowledged it had been made aware of the reports and committed to investigating controllers that “may have been affected.” The company later published an internal testing summary and said it ran extensive in‑lab validation — more than 4,500 cumulative testing hours and more than 2,200 test cycles on reported devices — and was unable to reproduce the reported device failures in its controlled testing. Phison also publicly pushed back against a circulated document that it called falsified. (neowin.net, theverge.com)
The new engineering‑firmware hypothesis (what changed)
A recent explanation circulating in enthusiast channels — and reported by some outlets — is that the update did not directly “break” NAND or controllers en masse, but instead interacted with unfinished engineering firmware builds that had accidentally been shipped in small quantities.According to community posts cited in specialist coverage, a Facebook group of system builders and DIYers (PCDIY!) flagged an unusual common factor in failing drives: several of the affected units were running pre‑final engineering firmware — internal, pre‑release images that were not intended for retail customers. Those builds, the claim goes, can contain incomplete logic paths or debug hooks that behave correctly in standard lab testing but fail under altered host timing or large sequential write stress introduced by a platform change. WindowsReport relayed that PCDIY! group admin Rose Lee described lab confirmation from Phison engineers validating that some failing drives used engineering firmware. That account, if accurate, provides a concrete mechanism for how a host update could expose latent controller fragility while remaining invisible in broad vendor testing. (windowsreport.com)
Caveat and verification status: this specific claim — that pre‑release engineering firmware was the root cause and that Phison “confirmed” it in lab — is currently documented mostly in community posts and selective reporting. Major vendor statements (Phison’s public testing summary) emphasize they were unable to reproduce failures, and mainstream outlets relaying Phison and Microsoft positions report no concrete telemetry link. The engineering‑firmware explanation is plausible, technically coherent, and alarming if true — but it remains incompletely corroborated in publicly verifiable vendor documentation. Treat the engineering‑firmware hypothesis as an important working lead, not a closed, vendor‑verified root cause. (neowin.net, theverge.com)
How an OS update can expose firmware edge cases (technical primer)
NVMe SSDs are tightly coupled systems where the operating system, NVMe driver, PCIe host, SSD controller firmware, and NAND behavior interact in real time. Small changes in the host — kernel buffering, I/O scheduling, or Host Memory Buffer (HMB) usage — can alter timing and queue depth in ways that trigger latent bugs in controller firmware.Key technical mechanisms that make these failures plausible:
- Host Memory Buffer (HMB): DRAM‑less designs use HMB to cache mapping tables in system RAM. Changes in host allocation behavior or timing can stress firmware that assumes particular latencies.
- SLC/DRAM caches and write handling: Consumer SSDs use SLC caching and on‑chip DRAM to smooth writes. When cache strategy, fill level, or command timing changes unexpectedly, firmware corner cases (e.g., mis‑handled cache exhaustion, bad error recovery paths) can lead to controller hang or mapping corruption.
- NVMe admin and I/O command timing: Kernel‑level changes to how flushes, write barriers, or power‑management states are handled can expose firmware that violates NVMe timing or error‑recovery expectations.
- Thermal or resource thresholds: Drives that are more than ~50–60% full have reduced spare area and smaller effective SLC caches; they are therefore more likely to hit conditions that stress the FTL (flash translation layer).
Strengths and weaknesses of the evidence so far
Strengths (what is solid)
- Multiple independent reproductions from hobbyist testers and specialist outlets show a consistent failure fingerprint (drive vanishes at sustained writes) under similar workloads. That reproducibility across benches is technically meaningful.
- Vendor engagement (Phison, Microsoft) and extensive testing were initiated quickly, which helps rule out broad systemic failure modes and points toward a narrow, environment‑specific interaction. Phison’s publicly disclosed 4,500+ test hours and 2,200+ cycles are significant validation effort: large‑scale internal testing did not reproduce a generalized failure mode. (neowin.net, theverge.com)
- The workload and fill‑level heuristics (~50 GB writes; ~50–60% full) are consistent across multiple hands‑on tests and make sense technically with how consumer SSD caches and FTL behavior scale under pressure.
Weaknesses and open risks (what remains unclear)
- The pre‑release engineering firmware narrative relies primarily on community channels and selected reporting; it is not yet fully documented in vendor advisories that can be independently audited. If a small number of retail drives were inadvertently shipped with engineering firmware, that would be a supply‑chain disclosure problem that many vendors may not immediately publicize. The claim therefore needs independent vendor confirmation to become a definitive root cause. (windowsreport.com)
- Phison’s inability to reproduce the issue in extensive lab testing raises a competing inference: either the failure is restricted to a tiny subset of firmware/hardware combinations, or other environmental factors (specific motherboard BIOS, PSU behavior, or even counterfeit/factory‑reflowed units) are playing a role. The null result from vendor testing complicates attribution. (theverge.com)
- Public telemetry from Microsoft — which reported no measurable uptick in drive failures linked to the patch — argues against a widespread software defect. But Microsoft’s telemetry may not surface rare, batch‑specific hardware firmware anomalies. The difference between population telemetry and edge‑case lab conditions is the central investigative tension. (bleepingcomputer.com)
Practical advice for Windows users and IT admins
Short version: back up, avoid big writes, check vendor guidance, apply vetted firmware only after backup, and stage updates in enterprise environments.- Back up critical data now. Use the 3‑2‑1 rule (three copies, two media, one offsite). The most urgent step for any user is to ensure recoverable copies exist.
- Avoid sustained large sequential writes until the situation is resolved (game installs, mass archive extraction, cloning, large media exports). Community reproductions concentrate on transfers of tens of gigabytes in a single continuous operation. (tomshardware.com)
- Check your SSD vendor’s support portal for firmware updates or advisories. If a vendor releases firmware that specifically addresses this problem, follow their documented process — but only after a verified backup and following vendor warnings about firmware updates. Firmware updates can change wear leveling and mapping; applying them without an intact backup is risky.
- If you experience a disappearance mid‑write:
- Stop writing to the device immediately.
- Power down the machine and preserve the drive.
- Collect logs and SMART/telemetry if the device is still readable.
- Image the device with a forensics tool before any repair attempts if the data is valuable.
- Contact the vendor and supply logs and test conditions; they may request firmware dumps or RMA.
- In enterprise environments:
- Stage KB5063878 in a test ring that mirrors deployed storage hardware.
- Run large sequential write stress tests before broad rollout.
- Use WSUS/SCCM to hold the update where appropriate and deploy to limited cohorts first.
- About Secure Erase and SLC cache “fixes”: some community and vendor‑adjacent posts have suggested the symptom of progressive slowdown under heavy writes can be caused by SLC cache exhaustion, and that a full Secure Erase can restore performance by resetting the drive’s mapping and cache state. However, the claim that a Secure Erase is the definitive remedy for the KB5063878‑linked disappearances is not uniformly documented in vendor advisories; use Secure Erase only if recommended by the drive’s manufacturer and only after you have a verified backup. Where vendors have publicly published best practices, follow them. Treat rescue steps circulating on forums as contingency options to consider with vendor guidance, not as universal cures. (windowsreport.com)
Forensic and supply‑chain considerations (why the engineering‑firmware story matters)
If the engineering‑firmware theory is confirmed, it points to a different class of problem: not a single buggy OS patch, but a leakage of internal pre‑release firmware into the retail supply chain. The implications are severe:- A small population of units might contain firmware that was never stress‑tested against real‑world host changes. Those units could fail sporadically when the platform changes (like a Windows patch) exercise a corner case.
- Vendors’ lab testing fleets and partner QA channels may miss such units if those builds were used during OEM finalization or if a third‑party integrator flashed the wrong image during assembly.
- Detection and mitigation require firmware provenance tracing and possibly recalls or firmware‑over‑the‑air (FOTA) fixes — both of which are costly and logistically complex.
Bottom line: cautious, evidence‑based conclusions
- There is a robust, reproducible symptom cluster tied to sustained large writes on certain drives that surfaced after KB5063878, and the pattern has been independently observed by multiple testers and reported across specialist outlets. (tomshardware.com)
- Microsoft and Phison ran separate internal investigations; publicly, both have reported they could not reproduce a population‑level defect attributable to the update. Phison’s public test summary references thousands of test hours and over 2,200 cycles without reproducing a systemic failure. That does not invalidate every user report, but it does reduce the likelihood of a wide‑scale, update‑level catastrophe. (bleepingcomputer.com, neowin.net)
- The pre‑release engineering firmware hypothesis provides a plausible, supply‑chain level explanation for isolated but severe failures — and it aligns with the idea that a host platform change can expose firmware edge cases — but that hypothesis remains incompletely corroborated in vendor public documentation and should be treated as an important investigative lead rather than a closed causal claim. Users and admins should regard it with appropriate caution. (windowsreport.com, theverge.com)
- Practical mitigation is straightforward and immediate: prioritize backups, avoid large sequential writes on patched systems, stage updates in managed environments, and apply only vendor‑approved firmware fixes once they are documented. Imaging failing drives before repair attempts and working with vendor support remain the best paths for data preservation.
Quick checklist (what to do right now)
- Back up important data to external or cloud storage immediately.
- Avoid large continuous writes (bulk installs, cloning, archive extraction) on systems that installed KB5063878.
- Check vendor support pages for firmware advisories — do not flash unofficial images.
- If a drive disappears mid‑write, stop and preserve the device; image it before attempting repairs if the data matters.
- In enterprise environments, hold KB5063878 in a ring until controlled stress tests involving representative storage hardware pass.
Final assessment
The KB5063878 episode is a textbook example of how a small change in the host can interact with complex, versioned firmware in the field to produce outsized, hard‑to‑triage outcomes. Independent reproductions make clear there is a real, technically coherent failure mode tied to sustained writes and near‑full capacity on some drives. Vendor test efforts — large and formal — have so far been unable to reproduce the problem at scale, and major players publicly assert there is no population‑level telemetry signal linking the update to widespread device failures. Meanwhile, a credible community hypothesis that pre‑release engineering firmware was accidentally present on some retail units would explain why vendors’ broad testing missed the issue; that hypothesis is important and plausible, but not yet fully documented in vendor disclosures.For end users, the correct posture is pragmatic caution: protect your data, avoid risky workloads while the investigation continues, apply only vendor‑validated firmware updates, and engage vendor support if you see failures. For vendors and platform teams, the episode reinforces the need for stronger firmware provenance controls, wider stress‑testing against realistic host workloads, and clearer communication channels when edge failures emerge. Until vendors publish a transparent, auditable root‑cause report or issue targeted firmware fixes, the conservative approach — staged updates, backups, and small‑batch stress testing — is the safest path forward. (neowin.net, bleepingcomputer.com)
Conclusion: the danger is real for a small subset of users; the systemic scale is disputed by vendor telemetry; and a definitive technical assignment of blame awaits fuller public disclosure from the SSD vendors and Microsoft. In the meantime, protect your data and treat large writes with care.
Source: Windows Report Here's possibly why Windows 11 KB5063878 is breaking SSDs