Windows 11 August Patch May Vanish NVMe SSDs Under Heavy Writes (KB5063878)

Microsoft and SSD vendors are scrambling after multiple independent testers and users reported that a recent Windows 11 cumulative update can make NVMe SSDs vanish from the operating system during sustained large writes — a failure mode that in some cases has left files corrupted or drives inaccessible — and Microsoft says it is investigating the reports with partners. (bleepingcomputer.com)

Background / Overview​

The incidents trace back to the August cumulative rollup for Windows 11 (commonly tracked as KB5063878, OS Build 26100.4946) released on August 12, 2025. Microsoft’s official KB article lists the update and its build number and notes but did not initially list a storage regression on the public known‑issues panel. (support.microsoft.com)
Within days, community researchers and storage test benches began publishing repeatable reproductions: during sustained, large sequential writes — often cited around 50 GB or more and more likely when drives were heavily used (>~60% filled) — the target SSD could stop responding, disappear from File Explorer/Device Manager/Disk Management, and in some cases return with unreadable SMART/controller telemetry or corrupted data. Multiple outlets independently reproduced or collated these findings. (tomshardware.com, windowscentral.com)
Controller vendor Phison publicly acknowledged it was investigating reports that Windows updates (identified in community reporting as KB5063878 and KB5062660) “potentially impacted several storage devices” and said it was coordinating with partners. Microsoft has told outlets it is “aware of these reports and investigating with our partners.” Those vendor and platform acknowledgements elevated the issue from scattered forum reports to an active industry investigation. (bleepingcomputer.com, tomshardware.com)

---

What users are actually seeing: symptom profile​

Short, scannable summary of the failure fingerprint:

• A large, continuous file transfer (game update, archive extraction, disk cloning, large backup) proceeds normally and then abruptly fails or stalls.
• The destination SSD disappears from the OS — it no longer appears in File Explorer, Disk Management, or Device Manager.
• Vendor utilities and SMART readers may return errors or be unable to query the drive after the event.
• A reboot often restores device visibility, but files written during the failure window can be truncated or corrupted. In a subset of cases the drive remained inaccessible until vendor-level recovery, firmware reflash, or a full reformat. (tomshardware.com, bleepingcomputer.com)

Key operational heuristics reported by multiple independent testers:

• Typical reproduction threshold: ~50 GB of continuous writes in a single operation.
• Higher risk if the drive is >50–60% full, which reduces spare area and compresses the SLC-cache window on many consumer SSDs.
• Overrepresented in early reports: Phison controller families (including DRAM‑less designs that rely on Host Memory Buffer), but other controller families and some HDD reports also surfaced in aggregated test lists. This suggests the failure is a workload‑triggered interaction rather than a single‑brand universal failure. (tomshardware.com, easeus.com)

---

How credible is the evidence?​

Multiple, independent test benches and specialist outlets have reproduced consistent symptoms under the same workload profile, which gives the reports technical weight beyond one‑off anecdotes. Tom’s Hardware ran cross‑device tests and Windows‑focused outlets aggregated community reproductions; Phison’s public statement confirms vendor engagement. These independent confirmations are why the issue moved quickly from forum chatter to urgent vendor coordination. (tomshardware.com, bleepingcomputer.com)
Important caveat: a definitive, single root cause has not been published by Microsoft or Phison at the time of reporting. The evidence points to an interaction between the Windows storage stack (or updated components in the cumulative) and certain SSD firmware/controller behaviors under sustained I/O load, but concrete forensic telemetry tying the Windows change to a specific firmware code path has not been fully disclosed publicly. Treat vendor and Microsoft statements as “investigation in progress” rather than a final causal admission. (support.microsoft.com, tomshardware.com)

---

Technical analysis — why a Windows update can surface these failures​

Modern NVMe SSDs are complex, co‑engineered devices combining NAND, controller silicon, and firmware. Several technical factors make them vulnerable to subtle host changes:

• Many consumer SSDs (especially DRAM‑less models) rely on Host Memory Buffer (HMB) to map LBA-to-physical mappings and improve performance. Changes to HMB allocation timing or size at the OS level can change workload timing on the controller.
• Sustained sequential writes stress different controller code paths than brief desktop workloads: prolonged SLC cache use, extended garbage collection, temperature throttling, and DMA queue pressure. These conditions can reveal latent firmware race conditions or unhandled error paths. (tomshardware.com)
• If the controller firmware hits an unrecoverable state (controller hang, metadata corruption), the device may cease to respond to the host while still physically present — to Windows this looks like a “disappeared” drive. If metadata structures are corrupted, partitions can mount as RAW and data recovery becomes complex.

The pattern reported by independent testers (large writes, partially full drives, certain controller families) is consistent with a firmware edge case triggered by host‑side timing or resource changes. That alignment explains why vendors like Phison and Microsoft are coordinating: both firmware updates and potential host‑side mitigations may be required. (tomshardware.com, bleepingcomputer.com)

---

Which drives are most likely to be affected?​

Reported patterns and vendor commentary point toward a higher probability in the following situations:

• Drives using Phison controller families, notably certain DRAM‑less models that rely on HMB. Early test matrices flagged several branded drives using Phison silicon. (tomshardware.com)
• SSDs that are substantially filled (often >50–60% reported), where the SLC cache and background garbage‑collection behavior is different from an empty drive.
• Workloads involving tens of gigabytes of continuous writes — game installs, large updates, disk cloning, media exports.
• That said, isolated reports include other controllers and even some HDDs; this is not strictly limited to one brand in the datasets publicized so far. The variability of firmware revisions across drive SKUs (same model number can ship with different firmware) further complicates any single-model prescriptive list. (tomshardware.com, techspot.com)

Practical implication: don’t rely only on brand-level optimism; check your drive’s firmware and vendor advisories before performing large writes if you’ve installed the August cumulative.

---

Microsoft’s and vendors’ responses (what’s been done so far)​

What Microsoft has said and done:

• Microsoft publicly acknowledged it is investigating reports of storage devices becoming inaccessible after the August cumulative and is working with industry partners. That investigation statement has been published to outlets covering the story. (bleepingcomputer.com)
• Microsoft also published an out‑of‑band (OOB) fix addressing a separate but serious regression introduced in the August rollup that broke Reset/Recovery features (delivered as KB5066189 for Windows 11 and companion KBs for Windows 10). Those OOB updates are optional and intended to fix recovery workflows; they do not replace the need for vendor firmware work on SSD controller issues. (bleepingcomputer.com, windowslatest.com)
• The public KB for KB5063878 still lists “Microsoft is not currently aware of any issues with this update” at the time of the original release note; subsequent investigation and OOB actions reflect Microsoft’s triage of multiple, separate regressions tied to the August patches. (support.microsoft.com)

What SSD vendors have done:

• Phison issued a public statement acknowledging it was investigating and working with partners after being made aware of “industry‑wide effects” attributed to the August updates. That triggered drive vendors and OEMs to review firmware revision behavior and prepare partner advisories or firmware updates as needed. (bleepingcomputer.com, tomshardware.com)
• Several SSD vendors have started pushing firmware advisories or instructions for customers to check vendor dashboard utilities and to avoid large, continuous writes until a fix is published. Timing and availability of firmware updates vary by vendor and by SKU. (windowscentral.com, techspot.com)

---

Immediate advice: what users should do right now​

This is a triage list for consumers and prosumers who want to minimize risk right away.

• Back up critical data immediately. Use the 3‑2‑1 rule: three copies, on two different media types, one offsite. If you rely on the affected drive, image it now before further writes.
• Avoid sustained, large sequential writes to any NVMe/SSD that has the August cumulative installed — specifically avoid single large transfers near or above 50 GB until you have vendor guidance or a firmware update. (tomshardware.com)
• If you haven’t installed the August cumulative yet, consider pausing that update for drives used in heavy‑write workflows until vendors publish firmware or Microsoft posts concrete mitigations. If you must install, watch for vendor firmware advisories and have a tested backup strategy in place. (windowscentral.com)
• Check your SSD vendor’s dashboard or support pages and apply only vendor‑issued firmware updates — and only after you have a current backup. Firmware updates can be the fix, but flashing without a backup is risky. (techspot.com)
• Capture logs if you see the fault: Event Viewer entries, output from CrystalDiskInfo or smartctl, and vendor utility logs. Stop further writes to a failing drive and contact vendor support; imaging the drive for forensic analysis preserves recovery options.

Concrete step‑by‑step for worried users (numbered):

• Confirm your Windows build via Settings → System → About (look for OS Build 26100.4946 or the KB number shown in Windows Update). (support.microsoft.com)
• Back up critical files to a separate physical drive or cloud immediately.
• Pause large copies, archive extractions, game installs, or cloning operations to the potentially affected drive.
• Check your SSD vendor’s firmware page and vendor utility for firmware advisories. If a firmware patch is available, read the vendor’s notes and only apply after backing up. (techspot.com)
• If a drive disappears mid‑write, power down the PC (if safe to do so), preserve evidence (logs, SMART dumps), and contact the SSD vendor for recovery guidance. Avoid repeated writes that might further damage metadata.

---

For IT administrators and enterprise fleets​

This incident is a reminder that cumulative updates can surface hardware edge cases and that staged testing is essential.

• Immediately inventory endpoints that received the August cumulative and identify machines with NVMe SSDs used for heavy I/O (content creators, VDI images, imaging servers, developer workstations).
• Use WSUS/SCCM or your RMM tooling to hold the August rollup from broader deployment until vendor firmware is validated in your environment.
• Prepare communications to end users: require backups before applying the August patches, and block large media transfers to recently patched devices.
• Monitor Microsoft Release Health and vendor advisories. Microsoft’s OOB fixes (e.g., KB5066189 family) address recovery regressions — but they are distinct from the SSD disappearance investigations and may not mitigate controller firmware failures. (bleepingcomputer.com)
• If you detect a failure, collect forensics (event logs, disk snapshots, SMART exports) and work with the SSD vendor and Microsoft support to determine root cause and remediation strategy.

---

Recovery prospects and worst‑case outcomes​

Recovery outcomes reported by the community and vendors fall into tiers:

• Mild: device disappears during write, reappears after reboot; files that were in flight may be corrupted or truncated but the drive is otherwise recoverable.
• Moderate: device mounts as RAW or partitions are missing; forensic imaging and vendor tools can sometimes recover metadata or files, but recovery effort is required.
• Severe: drive hardware or internal metadata is irrecoverably damaged and a full reformat or RMA is required — this can mean permanent data loss if backups are not available.

Uninstalling the Windows update does not guarantee restoration of already corrupted data, because in many reported cases the damage is on‑media. That makes proactive backups the single most important hedge.

---

Why this matters for long‑term Windows update strategy​

This episode underlines three durable lessons for Microsoft, vendors, and IT teams:

• Co‑engineering risk: modern storage is a co‑engineered surface — OS, NVMe driver, controller firmware, and OEM BIOS all interact. Small host changes can expose controller firmware edge cases.
• Stress testing matters: pre‑release test suites for major updates should include prolonged sequential write workloads and representative DRAM‑less/HMB‑reliant SSD profiles to catch these edge cases before wide rollout. (tomshardware.com)
• Telemetry and communication: rapid, transparent telemetry exchange between Microsoft and SSD vendors, timely firmware advisories, and clear guidance for users (including OOB fixes where necessary) reduce operational risk and preserve trust. The speed of vendor acknowledgement and Microsoft’s OOB updates on the recovery regression are positive signs, but coordinated public technical disclosure will be essential to fully restore confidence. (bleepingcomputer.com)

---

Strengths and weaknesses of the current responses​

Notable strengths:

• Vendors and Microsoft engaged quickly once independent reproductions emerged; public vendor statements (Phison) and Microsoft investigation confirmations helped prioritize the issue. (bleepingcomputer.com)
• Microsoft’s fast OOB update for the separate Reset/Recovery regression shows operational responsiveness and provides an example of delivering targeted fixes when a severe regression is identified. (bleepingcomputer.com)

Potential risks and gaps:

• Public Microsoft KB text for the August cumulative initially stated no known issues; that mismatch between field reports and initial public guidance created early confusion. Until forensic telemetry is published, a definitive root‑cause attribution remains unverified. (support.microsoft.com, tomshardware.com)
• Firmware distribution timing and the diversity of SKUs and firmware revisions mean fixes may roll out slowly, leaving mixed vendor/drive fleets with uneven protection windows. That increases operational complexity for enterprises.

Flagged unverifiable claims:

• Any headline that asserts “the Windows update destroyed X drives universally” is not supported by the current evidence. The pattern is real, reproducible in test benches, and vendor‑acknowledged — but its scope is device‑dependent, firmware‑revision‑dependent, and workload‑specific. Treat blanket damage claims as overreach until vendors and Microsoft publish definitive telemetry. (tomshardware.com, techspot.com)

---

How to stay updated (practical monitoring channels)​

• Microsoft Release Health and the specific KB pages for the August cumulative and any OOB updates (check the update history entries for your servicing branch). (support.microsoft.com, bleepingcomputer.com)
• SSD vendor support pages and their firmware tools (Crucial/Micron, Samsung, Western Digital, Kioxia, Corsair, SanDisk, ADATA, etc.) for firmware advisories. (techspot.com)
• Reputable storage‑focused outlets and test benches that publish reproducible test recipes and logs (Tom’s Hardware, BleepingComputer, Windows‑focused community test threads). (tomshardware.com, bleepingcomputer.com)

---

Conclusion​

The August Windows 11 cumulative has surfaced a narrow but consequential storage regression: sustained large writes can, in some configurations, cause NVMe SSDs to stop responding and disappear from Windows — sometimes with truncated or corrupted data. The technical evidence is solid enough that Microsoft and SSD controller vendors are jointly investigating, and Phison has publicly acknowledged engagement. Immediate defensive actions are straightforward: back up data now, avoid heavy writes on recently patched systems, check for vendor firmware advisories, and stage updates in managed environments until fixes are validated. (bleepingcomputer.com, tomshardware.com)
This remains an evolving technical incident. The most prudent approach for both consumers and administrators is conservative: prioritize data protection, defer risky workloads on patched machines, and apply only vendor‑approved firmware updates after a backup is confirmed. The underlying engineering lesson is clear — as storage designs lean further on host‑assisted features, rigorous cross‑platform stress testing and rapid vendor‑platform telemetry sharing are not optional; they’re mandatory to prevent edge‑case failures from becoming data‑loss events.

---

Source: PCWorld Microsoft confirms disappearing SSDs on Windows 11. Here's how to avoid it
Source: PCMag https://www.pcmag.com/news/microsoft-investigating-reports-of-ssds-vanishing-after-latest-windows/