Phison SSDs and Windows 11: Falsified doc debunked, patch under investigation

Phison has warned customers that a circulated document purporting to come from the company — and claiming the recent Windows 11 security updates were uniquely breaking Phison-based SSDs — is a falsified communication, and the controller vendor says it is pursuing appropriate legal action while concurrently investigating the broader Windows 11 storage regression with Microsoft and its partners. (tomshardware.com)

Background / Overview​

The immediate technical concern began after Microsoft shipped its August 2025 cumulative for Windows 11 (commonly tracked as KB5063878, with a related package KB5062660 appearing in some reporting). Independent community testing reproduced a reproducible failure profile: during sustained, large sequential writes (commonly reported around the ~50 GB mark), some storage devices became unresponsive, disappeared from Windows (File Explorer/Device Manager/Disk Management), and in certain cases returned in a corrupted or inaccessible state. Multiple testers and outlets documented this behavior and flagged a pattern in which some drives built around Phison controllers appeared over‑represented among reproduced failures — though the phenomenon was not limited to a single controller vendor. (tomshardware.com) (windowscentral.com)
A high‑profile community reproduction — widely linked across specialist forums — tested 21 drives with a sustained write workload and reported multiple devices losing enumeration mid‑write; several recovered after reboot, one remained unrecoverable, and others showed inconsistent behavior dependent on firmware, host BIOS, and workload. The community hypothesis centers on an interaction between Windows’ storage stack (buffering, NVMe command ordering, or Host Memory Buffer allocation) and controller firmware edge cases under sustained load. (tomshardware.com) (windowscentral.com)

What Phison has said (and what changed)​

Phison’s public acknowledgement​

Phison issued a measured acknowledgement that it had been “recently made aware of the industry‑wide effects” associated with KB5063878 and KB5062660 and that it had engaged industry stakeholders to review controllers that “may have been affected.” That statement stressed partner‑level coordination, promised advisories and firmware work as appropriate, and did not assign immediate blame to Windows or to a specific firmware family in public wording. (tomshardware.com)
This initial posture is standard for a controller supplier: fixes will likely be delivered through drive vendors (who must validate firmware updates for their specific SKUs), and full root‑cause attribution requires telemetry from both the platform (Microsoft) and controller/drive vendors.

The falsified document claim​

Within days of the community reproductions and Phison’s formal acknowledgement, a separate document began circulating that appeared to be a direct Phison communication to partners and customers. That document reportedly named specific Phison controller families, used alarmist language about “significant issues,” and suggested the bug was strictly limited to Phison controllers — material that, if believed, would materially harm Phison’s commercial position and customer confidence.
Phison has publicly disowned that circulated material, stating explicitly that the document was falsified and not an official or unofficial Phison communication. The company said it is addressing the matter through “appropriate legal processes” and reiterated that the Windows 11 storage problems showed evidence of affecting devices from multiple vendors and not only Phison-equipped drives.
Caveat: the claim that Phison is pursuing legal action is reported in that follow‑up statement circulated via industry press, but independent confirmation of the specific legal steps (court filings, cease‑and‑desist notices, or named defendants) was not available in public outlets at the time of reporting. Until legal filings or an official Phison legal notice are published, the assertion of legal action should be treated as Phison’s stated intent rather than independently verified litigation activity.

---

Technical anatomy — why an OS update can expose SSD fragility​

Modern NVMe SSDs are embedded systems where firmware, optional on‑board DRAM, NAND channels, and the host OS interact tightly. Two technical mechanisms are central to current diagnostic hypotheses:

• Host Memory Buffer (HMB) and DRAM‑less SSDs: cost-optimized designs omit on‑board DRAM and use HMB to borrow system RAM for mapping tables. Changes to how Windows allocates or times HMB usage can expose firmware race conditions on DRAM‑less controllers, producing hangs under sustained metadata updates.
• Sustained sequential write stress: long, continuous writes exercise controller metadata, mapping updates, and garbage collection workflows. If the OS changes NVMe command ordering, DMA timing, or buffer staging, it can violate firmware timing assumptions and trigger lockups or corrupted internal state.

Multiple specialist write‑ups and community reproductions observed consistent fingerprints — drive disappearance during sustained transfers, unreadable SMART data after the event, and sometimes recovery only after a power cycle or remaining permanently inaccessible — consistent with a controller hang or firmware-level failure exposed by host behavior changes. (tomshardware.com)

---

What we know — verified facts (and the sources for them)​

• Microsoft released the Windows 11 August cumulative update tracked publicly as KB5063878 (and related KB5062660 in some environments) on August 12, 2025. Multiple outlets confirm the release date and the package identifiers. (tomshardware.com)
• Multiple community testers reproduced a failure mode where an SSD disappears mid‑write during large sequential transfers (commonly ~50 GB) with an over‑representation of Phison‑based drives in early samples. Tom’s Hardware, Windows Central, and specialist community threads documented the test methodology and results. (tomshardware.com, windowscentral.com)
• Phison publicly acknowledged it was investigating the issue, working with partners, and reviewing controllers that may have been affected, while promising partner advisories and firmware work as needed. This acknowledgement appears in several mainstream technical outlets. (tomshardware.com, notebookcheck.net)
• A document suddenly circulating that claimed to be from Phison and asserted controller‑specific failures was declared not official by Phison, which described that document as falsified and said it would pursue legal remedy. That follow‑up — and the text of the alleged fake document — was published by at least one industry outlet and is present in the press feed we received. The claim that Phison is addressing the falsified document through legal channels comes from Phison’s statement as reported.

Those are the primary, load‑bearing facts that can be verified via vendor acknowledgement and multiple independent technical outlets.

---

What remains unproven or uncertain​

• Definitive population‑scale attribution: community tests and specialist labs provide strong, reproducible lab evidence that the KB updates can trigger drive disappearance under certain workloads, but broad population telemetry (i.e., Microsoft’s installed-base diagnostics correlated with vendor telemetry) has not been publicly released to confirm the rate, distribution, or a single root cause.
• The exact root cause: initial analyses point to an interaction between Windows’ storage behavior and firmware state under sustained writes (HMB timing or NVMe command ordering are plausible triggers). However, whether remediation requires firmware updates, an OS-level mitigation (Known Issue Rollback or targeted micro‑patch), or both depends on coordinated instrumentation that is not yet published.
• The provenance and authorship of the falsified document: while Phison says the document is false, independent tracing to the source, motives, or potential malicious actors (competitor sabotage, opportunistic bad actor, or misattribution) has not been publicly corroborated. Treat public claims about origin and motive as conjecture until forensic evidence is published.

---

Practical guidance — immediate actions for users and IT teams​

The evidence supports a conservative, risk‑first approach. Recommended triage:

• Back up now: copy essential data to an independent device or trusted cloud; do not rely on a single drive for primary backups. Backups remain the single most important defense against update‑timed corruption.
• Pause heavy writes: if your system installed KB5063878/K5062660 and you perform large, uninterrupted writes (game installs, cloning, mass archive extraction, long video exports), defer these operations where possible or split them into smaller chunks under ~50 GB as a risk‑minimizing step.
• Inventory and diagnose: check drive vendors’ update utilities (Corsair iCUE, SanDisk Dashboard, Kioxia/CST tools, etc.) for firmware advisories; do not flash firmware without a verified backup and following vendor guidance. Firmware fixes are likely the durable remediation if the culprit is controller logic. (windowscentral.com)
• Staging for enterprises: administrators should hold KB5063878 from broad deployment rings, validate large‑write workflows in a test ring, and use Microsoft’s servicing controls (Known Issue Rollback or deployment blocking) for managed fleets if vendor guidance is not yet available.
• Recovery if a drive disappears mid‑write: stop additional writes, avoid initializing or reformatting the disk, capture vendor diagnostics and Event Viewer logs, and create a block‑level forensic image before running destructive repairs. Contact vendor support early and present logs/firmware IDs for RMA and forensic triage.

---

Legal, reputational, and industry implications of the falsified document​

The sudden appearance of a forged-looking communication that explicitly blames a single supplier for an industry‑wide issue has three immediate consequences:

• Reputational risk: a widely circulated fake that pins blame on Phison could cause customers and retail partners to prematurely blacklist Phison-based SKUs, impacting sales and supplier relationships, even if the underlying technical evidence remains ambiguous.
• Commercial risk and supply chain disruption: SSD integrators and OEMs that use Phison silicon may face frantic support tickets, RMAs, and inventory freezes driven by false attribution, increasing support costs and the risk of misdirected firmware rollouts.
• Legal exposure and deterrence: by declaring the document falsified and citing legal action, Phison signals both an intent to pursue remediation and a desire to deter bad‑faith actors. If pursued, legal steps could include cease‑and‑desist letters, demands for retraction, or civil claims for damages if harm is provable. That said, legal proceedings are public only through filings or official statements; at the time of reporting, independent verification of actual filings was not available.

It’s important to note that falsified documents are unfortunately common in heated technology disputes; the pragmatic response for vendors is two‑fold: (a) publicly disavow and, where appropriate, pursue legal remedy; and (b) accelerate transparent technical communications to remove ambiguity that rumor exploits. Phison appears to be pursuing both tracks — investigation with Microsoft/partners and disavowal of the fake document — which, from a crisis‑communications standpoint, is the recommended dual approach. (tomshardware.com)

---

Critical analysis — strengths and weaknesses of the current response​

Strengths​

• Measured vendor posture: Phison’s public statement avoided premature attribution, limited speculation, and framed the issue as industry‑wide. That reduces the chance of misdirected firmware pushes or consumer panic and preserves room for telemetry‑led root‑cause work. (tomshardware.com)
• Active coordination: Phison publicly committed to partner advisories and promised to work with Microsoft — the right technical path given the cross‑stack nature of the problem.
• Community reproducibility: multiple independent reproductions of the failure pattern (the disappearing‑drive fingerprint under sustained writes) provide legitimate forensic leads for vendors to analyze and correlate against telemetry. (tomshardware.com, windowscentral.com)

Weaknesses and risks​

• Communication gaps: Phison’s initial messaging did not enumerate affected firmware revisions or provide a public model list; that forced customers to rely on community lists (which are inherently noisy). The falsified document exploited that vacuum by claiming definitive attribution to Phison controllers.
• Potential for misinformation to magnify: a falsified document that resembles vendor communications can rapidly propagate through social channels and trade partners, amplifying damage before forensic analyses complete.
• Coordination complexity: remediation likely requires SKU‑specific firmware validation from SSD vendors, and distribution timelines may vary by partner. This creates an operational window of exposure that is hard to manage for large fleets and retail customers.

---

Scenario analysis — plausible resolution paths​

• Firmware-only remediation: vendor firmware fixes for specific controller/firmware IDs that correct handling of an OS‑introduced timing or allocation pattern. This would be distributed via SSD vendors and validated per SKU.
• Microsoft mitigation + firmware: Microsoft issues a temporary Known Issue Rollback or targeted patch to restore prior host behavior while vendors prepare firmware updates — minimizing near‑term exposure.
• Hybrid: Microsoft provides an initial mitigation and vendors publish firmware updates; long‑term fixes include both OS hardening and controller robustness improvements to prevent similar cross‑stack regressions.

All three paths are realistic; the precise course depends on telemetry and forensic correlation across millions of installed devices. Phison’s partner‑centric communication implies firmware will play a central role in final remediation, but Microsoft mitigations are still on the table depending on root‑cause attribution. (tomshardware.com)

---

How this episode should change vendor and platform practices​

This incident — host update triggering latent firmware edge cases — underlines a perennial engineering reality: modern storage is co‑engineered across OS, driver, firmware, and hardware. Practical policy and engineering improvements include:

• Expanded pre‑release stress testing: exercise sustained sequential writes and HMB allocation patterns across a matrix of controller FW versions, motherboard BIOS revisions, and NVMe driver permutations.
• Better cross‑vendor telemetry sharing: a standardized minimal telemetry set that allows vendors and Microsoft to rapidly correlate failure signals without exposing user data would accelerate root‑cause analysis.
• Faster public advisories: vendor advisories that publish confirmed affected firmware IDs (not community lists) reduce rumor risk and improve remediation speed.
• Supply chain transparency: SSD vendors should maintain validated firmware distribution channels and clear versioning so system integrators can triage quickly.

---

Final assessment and takeaways​

• The Windows 11 August cumulative update(s) (KB5063878 / KB5062660) are linked to a reproducible storage regression in hobbyist and specialist test benches; the observable fingerprint strongly suggests a host‑to‑controller interaction under heavy sustained writes. (tomshardware.com, windowscentral.com)
• Phison has acknowledged investigating and working with partners, and has publicly disavowed a circulated document that falsely purported to be from the company; Phison says it is pursuing legal remedies regarding that falsified material while continuing forensic and firmware work. That falsified‑document claim is present in the press feed covering Phison’s follow‑up statement, but independent public evidence of formal legal filings was not publicly visible at the time of reporting. Treat stated legal action as a vendor claim until paperwork is published.
• The responsible short‑term posture for users and IT teams is conservative: back up, avoid heavy sequential writes on patched systems, and stage KB5063878 in controlled rings until vendors and Microsoft publish concrete fixes or mitigations. Firmware updates — delivered through SSD vendors — are the likeliest long‑term remedy if controller logic proves causal; Microsoft host mitigations remain a plausible parallel path. (tomshardware.com)

This is an evolving, cross‑stack incident where technical evidence and vendor responses are moving rapidly. The falsified‑document episode highlights an additional vector of damage: when communications are unclear, malicious or opportunistic actors can amplify confusion and commercial harm. The correct way to neutralize both the technical and reputational threats is coordinated, transparent vendor communication, verified firmware advisories, and measured legal follow‑through where documents are demonstrably forged.

---

---

Source: Wccftech Phison Issues Statment on False Documents That Are Being Sent To Their Customers Claiming That Windows 11 SSD Breaking Updates Is Specific To Their Controllers, Taking Legal Action