Navigation section

NDI Stuttering After August 2025 Windows Update: Mitigation Guide

  • Thread Author
Microsoft has formally acknowledged that its August 12, 2025 cumulative security update is responsible for severe stuttering, lag and choppy audio/video in NDI-based workflows on affected Windows 11 and Windows 10 builds, and vendors and community engineers have published an immediate—but imperfect—workaround while Redmond investigates a permanent fix. (learn.microsoft.com)

Two analysts monitor multiple blue-lit screens displaying graphs and data in a control room.Background / Overview​

The August 12, 2025 Patch Tuesday rollup for Windows shipped as combined servicing packages for multiple branches; the Windows 11 24H2 cumulative is distributed as KB5063878 (OS Build 26100.4946), while companion packages for Windows 10 (and other Windows 11 branches) were published the same day. Those rollups fixed a large set of security flaws, including a publicly disclosed Kerberos elevation‑of‑privilege bug, but they also coincided with multiple regressions that quickly surfaced in the field. (bleepingcomputer.com)
One of those regressions—now formally described in Microsoft’s Release Health entries—affects NDI (Network Device Interface) streams when configured to use NDI’s default transport, RUDP (Reliable UDP). The vendor‑recommended mitigation is to change NDI’s Receive Mode on affected receiving hosts to Single TCP or UDP (Legacy) until Microsoft ships a corrective update. (learn.microsoft.com) (m.vmix.com)

Why this matters: NDI, multi‑PC production, and what broke​

NDI is a widely used, low‑latency, high‑quality IP video protocol used by broadcasters, production houses, corporate AV teams, and streamers. Typical multi‑PC workflows use one machine to capture (often via Display Capture) and another to encode or mix; NDI transports full‑resolution video and audio across local networks so that complex productions can be built from commodity hardware.
The regression manifests as:
  • Severe stuttering and dropped frames in live NDI feeds.
  • Choppy or out‑of‑sync audio/video, particularly when Display Capture is the source.
  • Visible problems even on low‑bandwidth, low‑loss LANs, indicating a transport/processing timing fault rather than pure congestion. (learn.microsoft.com)
Microsoft explicitly lists affected platforms and originating updates in its release health advisory: client systems running Windows 11, version 24H2 (KB5063878) and Windows 10, versions 22H2 and 21H2 (KB5063709) were the primary focus of the notice. The company classed the NDI problem as “Confirmed” and said engineering teams are investigating. (learn.microsoft.com)
Community and vendor telemetry show the fingerprint is consistent: when NDI streams use RUDP, flows can abruptly degrade; traffic sent via UDP (Legacy) or Single TCP appears unaffected in reproduced tests. That pattern points to a transport‑layer interaction rather than a general application bug in OBS, vMix or NDI Tools. (m.vmix.com, theregister.com)

Technical primer: RUDP vs UDP vs TCP — why RUDP is sensitive​

How the transports differ (short)​

  • UDP (Legacy): Unreliable datagrams, no retransmissions, minimal overhead. Best for stable LANs where packet loss is rare and low latency is critical.
  • TCP (Single TCP): Ordered, reliable byte stream with retransmissions and congestion control; robust but can introduce head‑of‑line blocking that raises latency under loss.
  • RUDP (Reliable UDP): An application‑level reliability layer layered on UDP that attempts to combine UDP’s low latency with selective retransmission and pacing to maintain visual quality without the strict ordering penalty of TCP.
NDI 5 and later commonly use RUDP as the default because it balances latency and quality under typical LAN conditions. But that same application‑level complexity makes RUDP sensitive to small changes in socket timing, buffering, scheduler behavior or kernel networking code paths. If the operating system alters how packet queuing, timers, or acknowledgements are scheduled, RUDP’s retransmission, congestion window and pacing heuristics can fall out of step—producing periodic stalls, retransmission storms, or audio drift even when bandwidth looks ample. (m.vmix.com)

Why the August updates likely triggered the regression​

Microsoft’s public statement does not include a root cause analysis, but available signals point to a narrow interaction:
  • The problem appears only with RUDP connections; UDP and TCP flows remain stable in tested environments, suggesting the OS‑level change impacts RUDP’s timing or its expectations of the underlying UDP socket semantics. (learn.microsoft.com)
  • The issue reproduces even on low‑utilization networks, which reduces the likelihood the fault is network capacity. That pattern is consistent with timing, retransmission or scheduler changes at the OS socket or kernel network stack level.
Until Microsoft publishes an engineering post‑mortem, any precise root‑cause statement remains inference, but the operational evidence converges on a transport‑layer mismatch created by the cumulative update.

The immediate mitigation: change NDI Receive Mode (step‑by‑step)​

Vendors and Microsoft recommend changing the NDI Receive Mode on receiving hosts. The change is reversible and does not require uninstalling the security update.
  • Install the NDI Tools pack on the receiving machine (if not already installed).
  • Launch NDI Access Manager.
  • Open the Advanced tab.
  • Under Receive Mode, select Single TCP or UDP (Legacy) instead of RUDP.
  • Click OK and then restart any NDI‑receiving applications (OBS, vMix, Studio Monitor) so they pick up the modified configuration. (bleepingcomputer.com, m.vmix.com)
Practical notes and trade‑offs:
  • Single TCP is the safest universal fallback—it typically eliminates the stutter—but it can add end‑to‑end latency and is vulnerable to head‑of‑line blocking under packet loss, which may be unacceptable for ultra‑low‑latency switchers or tight multi‑camera timing budgets. (windowsforum.com)
  • UDP (Legacy) preserves lower latency on clean LANs but sacrifices RUDP’s retransmission and ordering improvements; it’s reasonable on dedicated, low‑loss Ethernet segments. (windowsforum.com)
  • After changing Receive Mode, all receiving apps must be restarted, because they read the Access Manager configuration at startup. Plan this carefully for live shows and remote contributors. (windowsforum.com)
If reconfiguring all receivers is infeasible (for instance, remote guests the producer cannot access), some teams have chosen to temporarily uninstall the August KB on affected hosts—but that carries security and redeployment risks (see below). (tomsguide.com)

Cross‑checking the facts: Microsoft, vendors, and the press​

Key load‑bearing facts are corroborated across Microsoft’s Release Health entry, vendor advisories and independent press:
  • Microsoft’s release health page lists a confirmed entry describing “severe stuttering, lag, and choppy audio/video” when using NDI after installing the August 2025 updates, and recommends the vendor‑provided workaround. (learn.microsoft.com)
  • NDI (and vendors using NDI like vMix) published guidance showing the same mitigation—change Receive Mode to Single TCP or UDP (Legacy). Vendor knowledge bases reproduce the step‑by‑step process. (m.vmix.com)
  • Independent outlets such as BleepingComputer, Tom’s Guide and The Register independently reported Microsoft’s acknowledgement and reproduced the symptom profile and mitigation, reinforcing that this is a genuine Microsoft‑acknowledged regression and not an isolated third‑party anomaly. (bleepingcomputer.com, tomsguide.com, theregister.com)
These independent confirmations fulfill the editorial requirement to cross‑reference the principal claims with multiple credible sources.

Collateral issues in the same Patch Tuesday window​

The NDI regression is one of several regressions and deployment headaches that accompanied the August rollups. Other confirmed or broadly reported problems include:
  • Reset / Recovery failures: Microsoft issued out‑of‑band fixes for reset and cloud recovery regressions affecting certain Windows 10 and Windows 11 servicing families; these were acknowledged and patched with emergency OOB packages. Administrators were advised to avoid using Reset this PC or cloud‑reinstall flows on affected builds until OOB packages were applied. (tomshardware.com)
  • WSUS / deployment errors: Enterprises pushing the August LCU via WSUS initially saw installations fail with error 0x80240069; Microsoft addressed distribution issues and offered Known Issue Rollback‑style mitigations. (bleepingcomputer.com)
  • Storage anomalies (SSD/HDD): Reports emerged that certain NVMe SSDs—notably some with Phison controllers or DRAM‑less designs—could disappear or become inaccessible under sustained large writes on systems with KB5063878 installed. Vendors including Phison acknowledged investigations and Microsoft engaged with partners. These storage claims are actively investigated and vary across hardware; caution is warranted before concluding causality for every reported device failure. (windowscentral.com, tomshardware.com)
Those collateral items increase the operational friction for administrators: the same cumulative rollups that fix critical vulnerabilities also introduced at least three separate, high‑impact failure classes for some customers. That trade‑off complicates blanket guidance to “install immediately” or “postpone” without an environment‑specific risk assessment.

Operational guidance for streamers, AV teams and IT​

For creators and small production teams
  • Apply the NDI Receive Mode workaround on every receiving host as the primary mitigation. It’s the least disruptive fix and preserves the August security updates. (m.vmix.com)
  • Test end‑to‑end before going live: restart NDI apps and run a dress rehearsal after changing transport settings to confirm latency and sync meet show requirements. (windowsforum.com)
  • If latency tightness is critical and TCP causes unacceptable timing degradation, prefer UDP (Legacy) on dedicated, low‑loss LANs—but monitor for dropped frames because RUDP’s retransmission logic will no longer protect the flow. (windowsforum.com)
For enterprise administrators and AV managers
  • Use pilot rings. Deploy the August updates to a controlled pilot group that includes representative AV/production hardware and NDI workflows. Validate the NDI transport fallback and Observe storage behavior under typical workloads.
  • Consider Known Issue Rollback (KIR) or OOB packages where Microsoft has published them for specific problems (for example, out‑of‑band fixes for reset/recovery). Review Microsoft’s guidance for the appropriate servicing family before deploying.
  • Do not default to uninstalling security updates on critical servers without a formal risk assessment. The August rollup fixed a high number of vulnerabilities—including a publicly disclosed Kerberos flaw—so delaying patches increases exposure to exploitation. Evaluate compensating controls (network isolation, host hardening) while you pilot mitigations. (bleepingcomputer.com)
Security vs. availability trade‑off
  • The August rollups addressed a very large set of security issues (reports across outlets vary between ~107 and 119 CVEs depending on whether non‑Windows components are included). Independent outlets list figures in the low‑hundreds; the exact count differs among reports. Patch urgency must be weighed against the operational impact on production workloads. Administrators should document the decision path and accept the residual risk if they temporarily defer an update in a production environment. (bleepingcomputer.com, intruceptlabs.com)

Risk analysis and what to watch for next​

Strengths in Microsoft’s response
  • Rapid acknowledgement: Microsoft elevated the NDI symptom to a Release Health “Confirmed” status within days, giving administrators a clear signal that the company is investigating. (learn.microsoft.com)
  • Vendor collaboration: NDI and third‑party vendors quickly published practical mitigations, and vendor documentation (NDI Tools, vMix knowledge base) provides a reproducible mitigation path for teams. (m.vmix.com)
Risks and open questions
  • Root cause transparency: Microsoft has not yet published a low‑level technical analysis explaining precisely which kernel or networking path changed and why it upsets RUDP. Without that, vendors and ISVs cannot confidently predict whether future rollups will reintroduce similar regressions. This raises the specter of recurrence.
  • Operational burden: The workaround requires per‑machine configuration changes and restarts. In large campuses, remote contributor setups, and managed AV estates, the administrative overhead and potential for human error are real risks during live events. (windowsforum.com)
  • Collateral hardware effects: Storage anomalies reported alongside KB5063878 complicate the choice to reinstall or remove updates. Those storage reports remain partly under independent investigation and must be validated per vendor/firmware model before sweeping remediation decisions are made. (tomshardware.com)
What to monitor now
  • Watch Microsoft’s Release Health and the update catalog for a subsequent cumulative fix or an out‑of‑band hotfix that specifically addresses the RUDP interaction. Microsoft’s messaging implies the fix will arrive as a servicing update or a KIR-styled mitigation. (learn.microsoft.com)
  • Track NDI/vendor documentation for any updates that harden RUDP against OS‑level changes or add automatic fallbacks. If NDI releases a patched transport implementation, that could remove the need to change Receive Mode. (m.vmix.com)
  • Monitor storage vendor advisories and OEM firmware updates if you operate drives implicated in community tests; treat heavy sequential writes with extra caution until vendor guidance is clear. (windowscentral.com)

Practical checklist (for producers and IT teams)​

  • 1.) If you already updated and see NDI stutter: change NDI Receive Mode to Single TCP or UDP (Legacy), restart NDI apps, and run a rehearsal. (m.vmix.com)
  • 2.) If you haven’t yet updated production hosts: assess risk—install + reconfigure NDI or delay and isolate depending on your security posture and threat model.
  • 3.) For managed fleets: pilot KBs on representative AV/NDI hardware, verify storage I/O patterns, and apply Known Issue Rollback/OOB packages where Microsoft recommends them.
  • 4.) Keep backups and use the 3‑2‑1 rule before performing heavy writes or resets on hosts updated with the August rollup. (windowscentral.com)

Conclusion​

The August 12, 2025 cumulative updates (notably KB5063878 for Windows 11 24H2 and KB5063709 for Windows 10 servicing families) delivered important security fixes but also introduced a clear operational regression for NDI workflows that rely on RUDP. Microsoft has acknowledged the NDI streaming performance issue on its Release Health dashboard and pointed users to vendor guidance; vendors have published practical steps to mitigate the impact by switching NDI Receive Mode to Single TCP or UDP (Legacy) while a permanent remedy is developed. (learn.microsoft.com, m.vmix.com)
For production teams the path forward is one of mitigation and prudence: apply the temporary transport change, validate it under show conditions, and balance the security benefits of the August rollup against the very real availability needs of live workflows. Keep an eye on Microsoft’s Release Health updates and vendor advisories for the arrival of a targeted fix, and document every decision to delay or alter patching—both to preserve security posture and to protect live production continuity. (m.vmix.com)
Source: RS Web Solutions Microsoft Confirms Lag Issues in Windows 11 24H2 and Windows 10
 

Click to expand...
Microsoft has acknowledged a confirmed regression in its August 2025 cumulative updates that can produce severe stuttering, lag and choppy audio/video in NDI‑based streaming workflows on machines updated to Windows 11 version 24H2 and certain Windows 10 servicing branches. (bleepingcomputer.com)

A man monitors ocean data across multiple blue-lit computer screens.Background / Overview​

In the August 12, 2025 Patch Tuesday rollup Microsoft shipped multiple cumulative security updates, including the Windows 11 24H2 cumulative identified as KB5063878 (OS Build 26100.4946) and companion Windows 10 packages such as KB5063709 for 22H2/21H2. These packages fixed numerous vulnerabilities but have also coincided with multiple operational regressions that surfaced rapidly in production and creator environments. (support.microsoft.com)
One of the most visible problems affects the Network Device Interface (NDI) protocol used by broadcasters, AV teams and streamers to move high‑quality, low‑latency audio/video between PCs on local networks. After installing the August updates, many users reported reproducible stutter, dropped frames and audio drift in NDI flows, especially when Display Capture was used as the source in capture tools such as OBS Studio. Microsoft posted a Release Health advisory acknowledging the behavior and pointing to vendor guidance while engineering investigates. (bleepingcomputer.com, tomsguide.com)

What broke, and why it matters​

The symptom set (what users are seeing)​

  • Severe stuttering and dropped frames that make live switching and multi‑camera productions unusable.
  • Audio falling out of sync with video — frequent retransmissions and buffering cause drift.
  • Problems are often most pronounced when the source uses Display Capture, though other capture modes can be affected. (bleepingcomputer.com, tomsguide.com)
These are not occasional, single‑frame glitches; they often present as recurring, rhythmic micro‑pauses or retransmission storms that degrade the entire stream experience for viewers and participants. Field reproductions from vendors and community engineers show the issue occurs on otherwise healthy LANs, indicating a transport/timing regression rather than a simple bandwidth saturation problem. (m.vmix.com)

Why NDI’s default transport (RUDP) is the flashpoint​

NDI 5 defaults to Reliable UDP (RUDP) — an application‑level transport that tries to combine UDP’s low latency with application‑level reliability (sequencing, retransmissions, pacing). RUDP depends on precise timing, socket buffering and scheduler behaviors from the underlying OS. A subtle change in kernel networking timing or socket semantics can cause RUDP’s retransmission and congestion heuristics to misinterpret normal conditions as loss, trigger aggressive retransmissions, and produce the stuttering documented by streamers and AV professionals. Switching NDI to Single TCP or UDP (Legacy) appears to avoid the fault in practice, which strongly implicates a platform-level transport interaction. (m.vmix.com, theregister.com)

Confirmations and cross‑checks​

Multiple independent outlets and vendors have reproduced the fingerprint and confirmed Microsoft’s advisory:
  • Microsoft’s Release Health advisory calls out the problem as “Severe stuttering, lag, and choppy audio/video” with NDI after the August update and points to vendor guidance to change NDI’s Receive Mode away from RUDP while engineering investigates. (bleepingcomputer.com)
  • NDI (and downstream vendors such as vMix) published knowledge‑base guidance that identifies RUDP as the affected transport and documents changing Receive Mode to Single TCP or UDP (Legacy) as a mitigation. (m.vmix.com)
  • Independent coverage from specialist press (BleepingComputer, Tom’s Guide, The Register, Neowin and others) reproduced the symptoms and corroborated Microsoft’s status update. (bleepingcomputer.com, tomsguide.com, theregister.com)
  • Community and admin forums tracked operational impact and posted mitigation guides and pilot‑ring recommendations echoed by vendors and IT pros.
These cross‑checks satisfy the editorial requirement to confirm the principal claims from multiple independent sources: Microsoft’s own advisory, vendor KBs, and reputable independent press all report the same fundamental fingerprint and interim remediation. (m.vmix.com)

Practical mitigation: how production teams can keep shows running​

The vendor‑recommended mitigation preserves the August security baseline while restoring stable NDI behavior for most topologies. Follow these steps carefully for production environments.
  • Confirm affected hosts:
  • Open Settings → Windows Update → Update history → Uninstall updates and verify whether KB5063878 (Windows 11 24H2) or KB5063709 (Windows 10) is installed, or check winver to read the OS build. (support.microsoft.com)
  • Preferred mitigation (preserves security updates):
  • Download and install the free NDI Tools pack on receiving machines (if not already installed).
  • Launch NDI Access Manager.
  • Open the Advanced tab and change Receive Mode from RUDP to Single TCP or UDP (Legacy).
  • Click OK and restart all NDI‑receiving applications (OBS, Studio Monitor, vMix, etc.) because many clients read Access Manager settings only at startup. (m.vmix.com, windowsforum.com)
  • Alternative (last resort): uninstall the August KB on an affected host via Settings → Windows Update → Uninstall updates. Note that combined SSU+LCU packaging may complicate removal and may require DISM-based package removal; uninstalling reintroduces security exposures and should be used only when reconfiguration is infeasible and compensating controls exist. (support.microsoft.com)
  • Test the change end‑to‑end in a rehearsal to confirm latency, audio/video sync and frame‑drop behavior before going live. Single TCP is generally the most robust fallback but will add a few milliseconds of latency and can be susceptible to head‑of‑line blocking under packet loss. UDP preserves low latency on clean LANs but lacks RUDP’s retransmission resilience. (windowsforum.com, m.vmix.com)

Operational guidance for IT managers and AV engineers​

  • Pilot rings are essential. Keep representative AV and NDI workflows in your early deployment ring; test recovery, large file I/O and NDI transports before broad roll‑out.
  • Document change windows. Changing Receive Mode on dozens of remote endpoints requires coordination; schedule restarts and rehearsal windows to avoid show‑day surprises.
  • Avoid wholesale rollback across a fleet. Uninstalling security updates at scale exposes endpoints to the vulnerabilities patched in the August rollup; prefer the vendor network workaround where possible. (windowsforum.com)
  • If remote guests cannot change settings, consider deploying a LAN relay/bridge that accepts a safer transport from the guest and forwards the stream internally using the chosen transport. This adds complexity but can isolate remote endpoints from the regression. (windowsforum.com)

What Microsoft and vendors have said (status as of the advisory)​

  • Microsoft acknowledged the NDI streaming performance regression in its Release Health channel and indicated engineering is investigating; the advisory points to the vendor workaround as an interim measure. (bleepingcomputer.com)
  • NDI published vendor guidance titled “Traffic Drops After Windows Update” describing the observed behavior and instructing customers to change Receive Mode to Single TCP or UDP (Legacy). Downstream vendors like vMix mirrored the recommendation and added step‑by‑step instructions for customers. (m.vmix.com, neowin.net)

Broader August update context and additional regressions​

The NDI regression is one of several issues reported after the August 12 cumulative updates. Other, separate problems surfaced in the same window:
  • A recovery/reset regression that caused Reset this PC and the Fix problems using Windows Update flows to fail on several client branches. Microsoft issued out‑of‑band (OOB) fixes in mid‑August to remediate that specific recovery failure for affected branches.
  • Community reports and some outlets flagged a troubling behavior where certain SSDs (notably Phison‑controller NVMe devices in some reports) could disappear or become corrupted under heavy writes after installing a late‑August package. This SSD disappearance/data‑corruption claim has been covered by Tom’s Hardware and ITPro, but it was not universally acknowledged by Microsoft in the initial KB text and requires careful verification on a per‑vendor level. Treat these storage reports as partially verified and monitor vendor firmware advisories before making judgement calls. (tomshardware.com, itpro.com)
Because multiple distinct regressions appeared around the same release, administrators must weigh operational risk, track Microsoft’s Release Health updates, and apply out‑of‑band fixes where Microsoft has published them for known issues rather than taking broad rollback actions that sacrifice security coverage.

Technical analysis — probable root causes and why RUDP is fragile​

RUDP is an application‑layer protocol that assumes certain low‑level socket, timing, and buffering semantics from the host OS and network stack. When a cumulative update modifies:
  • kernel scheduling or timer granularity,
  • socket buffer defaults or pacing behaviors,
  • or network I/O completion semantics,
then RUDP’s retransmission timers and pacing heuristics can be upset. That can transform benign reordering or timing jitter into perceived packet loss, which triggers retransmissions and queuing pressure, producing the repeated micro‑stalls reported by producers. The fact that UDP (Legacy) and Single TCP remain unaffected supports the conclusion that the regression is not in NDI’s user‑space media pipeline but in the interaction between RUDP’s timing assumptions and the updated Windows networking stack. This analysis is consistent with vendor experimentation and public reporting but remains a technically informed inference until Microsoft publishes a root‑cause postmortem. (m.vmix.com)

Risks, tradeoffs and decision points​

  • Security vs. availability: Uninstalling the August cumulative removes the transport regression for some sites but reintroduces dozens of patched vulnerabilities. For production environments, the recommended path is to adopt the NDI transport mitigation and keep the security baseline in place. (windowsforum.com)
  • Latency vs. reliability: Changing to Single TCP usually stabilizes streams but can add latency and exhibits head‑of‑line blocking under loss. UDP (Legacy) keeps latency low but gives up retransmission protection. Choose based on your tolerance for latency and the measured packet loss characteristics of your LAN. (m.vmix.com)
  • Operational overhead: Reconfiguring many receiving endpoints is a nontrivial task for distributed events and can require scheduled restarts — plan and test thoroughly.
  • Unverifiable secondary claims: Reports about SSDs disappearing and corruption are serious but not uniformly corroborated by Microsoft’s immediate advisories; treat these reports with caution, validate against hardware vendor firmware advisories, and avoid speculative conclusions until vendor telemetry is available. (tomshardware.com, itpro.com)

Short checklist for creators, AV teams and IT​

  • Confirm whether KB5063878 or KB5063709 is installed on any hosts in your production chain. (support.microsoft.com)
  • Change NDI Receive Mode on all receiving hosts to Single TCP or UDP (Legacy) using NDI Access Manager, then restart receiving applications. (m.vmix.com)
  • Run a full rehearsal after changes to validate latency and lip‑sync.
  • Keep the August security updates installed where possible; prefer remediation that preserves security coverage over wholesale rollback. (windowsforum.com)
  • If you manage endpoint deployment, roll out updates to a pilot ring that includes representative AV hardware before broad deployment.

What to watch next​

  • Microsoft engineering updates to Release Health and any published patch notes that explicitly document a permanent fix for RUDP‑related timing interactions.
  • Vendor KB or firmware advisories from SSD/drive manufacturers if you rely on large file I/O or specific NVMe controllers; validate any reported storage anomalies against vendor tools and telemetry. (itpro.com)
  • Community telemetry and independent reproductions; persistent cross‑vendor confirmation will help refine guidance and reveal whether changes are limited to specific hardware or broader platform semantics.

Conclusion​

The August 2025 cumulative updates delivered important security fixes but also introduced a measurable regression affecting NDI’s default RUDP transport, producing severe stuttering and choppy audio/video in multi‑PC streaming setups on Windows 11 24H2 and some Windows 10 branches. Microsoft has confirmed the problem and references vendor guidance: change NDI Receive Mode to Single TCP or UDP (Legacy) as a pragmatic interim mitigation while engineering investigates a permanent patch. (bleepingcomputer.com, m.vmix.com)
For production teams the practical path is clear: implement the vendor mitigation, stage updates in a controlled pilot ring, rehearse after changes, and avoid fleet‑wide rollback unless absolutely necessary and accompanied by compensating security controls. Monitor Microsoft Release Health and vendor advisories for the definitive fix, and treat secondary reports (such as SSD disappearance) with caution until they receive vendor confirmation and a Microsoft technical postmortem.
The incident is a reminder that in complex ecosystems, transport and timing semantics matter. When an OS update shifts low‑level assumptions, the consequences can be dramatic for specialized, timing‑sensitive workflows — and the right balance between security and continuity often depends on disciplined, tested mitigations rather than reflexive rollbacks.
Source: Cyber Press https://cyberpress.org/windows-11-24h2-and-windows-10-hit-by-severe-lag-after-microsofts-august-2025-update/
 

The August cumulative for Windows 11 quietly handed broadcasters and multi‑PC streamers a live‑production headache: after installing KB5063878 (Windows 11 24H2) — and companion Windows 10 rollups — NDI‑based feeds began stuttering, dropping frames, and producing choppy audio/video, effectively breaking common workflows that use OBS Studio, NDI Tools, and other production apps. (bleepingcomputer.com)

Multi-monitor workstation displaying code and graphs in a dim, cable-strewn data lab.Background / Overview​

Microsoft shipped the August 12, 2025 cumulative updates as part of the regular Patch Tuesday rollout. The packages — among them KB5063878 for Windows 11 (OS Build 26100.4946) — bundled security fixes and servicing‑stack updates intended to keep systems secure and current. Almost immediately after distribution, creators, AV engineers, and small production teams reported reproducible, severe performance regressions when using the Network Device Interface (NDI) protocol between machines. (support.microsoft.com) (tomsguide.com)
NDI is a widely used video‑over‑IP protocol that enables low‑latency transmission of high‑quality video and audio across local networks. In modern multi‑PC streaming setups, capture machines, encoder machines, and graphics engines commonly rely on NDI to move Display Capture and camera feeds around the studio — so when NDI misbehaves in production, the user‑visible impact is immediate and dramatic. (support.streamlabs.com)

What happened: Symptoms, scope, and immediate evidence​

  • Symptom profile: Reported behavior includes severe stuttering, dropped frames, rhythmic micro‑pauses, and audio‑video drift in NDI feeds — frequently worse when the source uses Display Capture rather than a camera. These failures occur even on uncongested LANs, which points to a transport/timing regression rather than raw bandwidth limits. (bleepingcomputer.com)
  • Affected software: OBS Studio and the NDI Tools suite (and, by extension, any software using NDI over its default settings) are explicitly called out by Microsoft and vendors. Standalone consumer streaming to platforms (single‑PC OBS → Twitch/YouTube) is generally not implicated unless your setup uses NDI. (bleepingcomputer.com)
  • Affected packages and builds: The behavior has been associated with KB5063878 on Windows 11 24H2 (OS Build 26100.4946) and companion Windows 10 updates such as KB5063709 for 22H2/21H2 servicing branches. Microsoft added an advisory to its Windows Release Health messaging to acknowledge the regression. (support.microsoft.com)
  • Reproducibility and vendor confirmation: Independent outlets and the NDI vendor team reproduced the issue and converged on a common fingerprint: only flows using NDI’s Reliable UDP (RUDP) transport were failing, while UDP (Legacy) and Single‑TCP transports remained functional in tests. That narrowing of scope is what allowed a practical workaround. (neowin.net, support.streamlabs.com)

Technical analysis: why RUDP is the flashpoint​

NDI supports multiple transports to balance latency and reliability:
  • RUDP (Reliable UDP) — NDI’s modern default in many setups. It layers application‑level sequencing, retransmits, and pacing on top of UDP to preserve low latency while adding reliability.
  • UDP (Legacy) — simple datagram transport; minimal overhead and low latency but no retransmits.
  • Single TCP — ordered, reliable byte stream; robust but can introduce head‑of‑line blocking under loss.
RUDP depends on precise timing, socket semantics, and the OS‑level behavior of the network stack. The field evidence suggests the August updates introduced a change to socket timing, buffering, or packet handling that caused RUDP’s retransmission/congestion heuristics to misinterpret normal conditions as loss — triggering retransmission storms, queueing, and visible stutter. Because UDP (Legacy) and Single‑TCP use different assumptions, they were largely unaffected by the regression. (support.streamlabs.com, bleepingcomputer.com)
At this stage Microsoft’s public advisory does not publish a line‑by‑line root cause (kernel diff or driver trace). Without that level of disclosure, the best available evidence is the transport‑specific fingerprint and the vendor‑tested mitigations; treating deeper hypotheses about internal socket semantics as provisional is appropriate until Microsoft releases a technical post‑mortem. (bleepingcomputer.com)

The vendor‑recommended mitigation (what to do now)​

NDI vendors and Microsoft converged on a low‑impact workaround that preserves the security updates while restoring reliable streams:
  • Download and install the free NDI Tools pack (if not already installed).
  • Launch NDI Access Manager on any machine participating in the NDI workflow.
  • Go to the Advanced tab.
  • Change Receive Mode from Auto (RUDP) to Single TCP or UDP (Legacy), then click OK.
  • Repeat these steps on all affected machines (both senders and receivers), then restart the NDI clients. (neowin.net, support.streamlabs.com)
This change switches the transport away from RUDP and has been shown to restore reliable behavior in tested environments without removing the Windows security patches. It’s the recommended first response for most streamers and small production teams. (support.streamlabs.com)

Why you should not immediately uninstall KB5063878 (and how to proceed if you must)​

Uninstalling a security LCU is a blunt, risky option. The August cumulative patched more than 100 vulnerabilities; in some branches Microsoft fixed a publicly disclosed Kerberos elevation‑of‑privilege issue and other serious items. Removing the patch entirely trades operational stability for exposure to real security risks. Microsoft’s KB page explains that combined SSU+LCU packages can require DISM to remove the LCU portion and that the SSU cannot be uninstalled by simple means. This makes rollbacks more complex than clicking “Uninstall update.” (support.microsoft.com)
If you operate in a high‑risk production environment and the NDI workaround is unacceptable (for example, you require RUDP semantics), then plan a controlled rollback only after:
  • Verifying the rollback process in a lab using DISM and documenting expected outcomes.
  • Backing up critical data and system images.
  • Evaluating the security implications with your security team and deciding whether compensating controls (network segmentation, temporary firewall rules) can offset the removed patches.
Community reporting also highlighted an unrelated storage regression (Phison controller NVMe issues) that in some cases caused drives to drop or become inaccessible under heavy write workloads; that problem compounded the cost of removing the cumulative update for some users. In short, uninstalling the LCU is rarely the safest first step. (windowscentral.com, support.microsoft.com)

Step‑by‑step quick fix (packaged for readers who want a checklist)​

  • Confirm your Windows build: open Settings → System → About and verify you have Windows 11 24H2 (Build 26100.4946) or the corresponding Windows 10 KB listed in Microsoft’s advisory. (support.microsoft.com)
  • Install NDI Tools (download from the vendor site). (support.streamlabs.com)
  • Open NDI Access Manager → Advanced → Receive Mode. Change from Auto (RUDP) to Single TCP or UDP (Legacy). Press OK. (support.streamlabs.com)
  • Restart OBS/NDI clients on sending and receiving machines. Validate a test capture using Display Capture.
  • If the workaround fails, collect logs: NDI logs, OBS logs, and Windows Event Viewer network‑related entries for escalation. Consider temporarily isolating the affected devices to perform controlled testing.

Broader context: why this matters beyond a single bug​

This incident is notable for three reasons:
  • It highlights the fragility of transport diplomacy between apps and OS networking internals. Modern media stacks rely on subtle timing and buffer behavior that OS updates can shift. When the OS changes socket semantics even slightly, application‑level reliability layers like RUDP can break in noisy, user‑facing ways. (support.streamlabs.com)
  • It shows the tradeoff between security and operational stability. August’s cumulative contained important security fixes; rolling those back wholesale has real consequences for enterprise and home users alike. The vendor workaround is valuable precisely because it preserves the security baseline. (support.microsoft.com)
  • It underscores the importance of testing update rings for production workflows that depend on specialized protocols. Small‑scale creators and AV teams often lack enterprise testing pipelines, so regressions surface in the wild. This makes sensible staging and rapid rollback plans essential for any multicomponent studio.

Critical appraisal of Microsoft’s response and vendor coordination​

Strengths in the response:
  • Microsoft publicly acknowledged the issue on its Release Health dashboard, narrowed the symptom set, and pointed users to vendor guidance — a practical and pragmatic route that preserved security while offering a fix. (support.microsoft.com, bleepingcomputer.com)
  • NDI vendors and ecosystem partners documented the workaround and provided step‑by‑step mitigation that many streamers could implement without removing critical patches. Streamlabs and other tools echoed the guidance in their support materials. (support.streamlabs.com, neowin.net)
Areas of legitimate criticism and risk:
  • The bug landed in a high‑visibility area of the creator ecosystem, and the public dialog revealed fragmented messaging early on. For content creators who rely on multi‑PC workflows, days of outages equal lost revenue and reputational damage.
  • Not every user knows how to change NDI settings or rediscover transport semantics. Expect a wave of support requests and on‑air problems while the workaround is applied across distributed teams.
  • Some posts and community content circulated unverified "fixes" (registry edits, driver rollbacks) that are either unnecessary or potentially dangerous; those should be treated with skepticism until verified by vendors. Claims that Microsoft supplied a registry edit plus driver update as the primary mitigation do not align with Microsoft’s public advisory and vendor guidance; flag such claims as unverified until Microsoft or the affected vendor publishes them. (support.microsoft.com, neowin.net)

Practical recommendations for streamers, producers, and IT admins​

For home streamers and small creators
  • Implement the NDI Receive Mode workaround immediately and validate your scenes in a private test stream.
  • Keep security patches installed. Do not uninstall the LCU unless you fully understand the risk and have a tested rollback plan.
  • Maintain a simple fallback: single‑PC streaming or hardware capture cards that don’t rely on NDI for critical shows.
For small production teams and AV engineers
  • Treat this as a wake‑up call to formalize update testing: stage Patch Tuesday rollouts to an internal ring and validate NDI flows before pushing updates to production encoders and capture machines.
  • Instrument monitoring on NDI nodes (latency, packet retransmit counters, CPU and NIC counters) so you can detect regressions quickly.
For enterprise IT and broadcast operations
  • Use Windows Update for Business or WSUS ring policies to control exposure and provide a rollback path where appropriate.
  • Coordinate vendor escalation: collect logs, test in the lab, and open formal support tickets with Microsoft and NDI vendors if the workaround is insufficient.
  • Consider network segmentation and VLANs for media flows, and evaluate whether moving to TCP paths for mission‑critical feeds (despite latency tradeoffs) is acceptable as a temporary mitigation.

Long‑term considerations and lessons learned​

  • Expect more subtle regressions: As operating systems evolve, the interaction surface with specialized multimedia transports increases. Software teams should anticipate and design for these integration risks.
  • Invest in rehearsals and staging: Live production cannot be treated as an afterthought; run rehearsals after major platform updates and formalize which updates require delayed deployment.
  • Demand better telemetry and transparency: Faster, more actionable telemetry from OS vendors — and a clearer, technical post‑mortem when regressions hit production workflows — would reduce downtime and restore trust faster.
  • Balance security and availability pragmatically: The right answer is seldom “always uninstall the patch.” Instead, prefer mitigations that preserve security and restore function whenever possible, as the NDI‑Receive‑Mode workaround does.

Final assessment​

The August 2025 cumulative update incident is a vivid reminder that modern streaming stacks are fragile ecosystems where OS‑level changes can cascade into on‑air outages. Microsoft and NDI vendors converged rapidly on a functional mitigation that preserves the security baseline while restoring reliable streams for most affected users, which is the right short‑term outcome. (bleepingcomputer.com, support.streamlabs.com)
That said, the episode also underscores persistent gaps in how platform vendors coordinate with niche but critical application ecosystems. Streamers, AV engineers, and IT teams have clear work to do: stage updates, automate validation of media flows, and codify quick mitigation playbooks. For anyone running critical production workloads on Windows, the operational lesson is blunt and unavoidable — don’t assume every Patch Tuesday is risk‑free, and keep a tested contingency plan ready.
If your stream is currently affected, the vendor‑recommended Receive Mode change is the least invasive fix and the fastest path to recovery; uninstalling the update should be a last resort and only after careful, documented testing and backups. Microsoft continues to investigate and will publish a permanent servicing fix in a future patch; watch official Windows Release Health messaging and vendor advisories for the confirmed technical root cause and the ultimate remediation timeline. (support.microsoft.com, neowin.net)
Source: Total Apex Gaming Windows 11 Update Just Broke Your Favorite Streaming App - Total Apex Gaming
 

You must log in or register to reply here.

Similar threads

ChatGPT
  • Featured
  • Article Article
NDI Stutter After August 2025 Windows Update: Fix with Receive Mode Change
Replies
0
Views
318
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Windows 11 KB5063878 NDI Stuttering: Fix by Changing NDI Transport
Replies
0
Views
357
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
NDI stutter after August 2025 Windows updates: switch NDI Receive Mode to TCP or UDP
Replies
0
Views
278
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
NDI Streaming Breaks After August 2025 Windows Update: Fix by Switching NDI Transport
Replies
0
Views
245
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Windows August 2025 Update Triggers Severe NDI Stutter (RUDP)
Replies
1
Views
372
ChatGPT
ChatGPT
Back
Top