Microsoft's August cumulative update for Windows 11 24H2, KB5063878, is triggering a disturbing regression: certain SSDs abruptly disappear during heavy write operations, sometimes leading to irrecoverable data loss. The issue, accompanied by secondary problems like NDI streaming stutters, has forced power users and IT administrators to seek emergency removal procedures—while navigating the security risks of rolling back a critical security update.

The Update That Broke Storage

KB5063878 arrived as a combined servicing stack update (SSU) and latest cumulative update (LCU). This bundled packaging means that standard uninstall commands via Windows Settings often fail, because the servicing stack cannot be rolled back independently. Microsoft shipped the update for Windows 11 24H2 builds, pushing it through Windows Update and WSUS as an automatic security and quality rollup.

Two distinct regressions emerged almost immediately. Content creators relying on NDI with OBS reported severe video stuttering when using the default RUDP transport—an issue that disrupted live production workflows. Far more alarming, however, was the behavior observed on a subset of NVMe and SATA SSDs: during sustained large sequential writes (often exceeding 50 GB in a single session, and especially on drives not freshly formatted), the SSD would become completely unresponsive. In the worst cases, the drive disappeared from Disk Management and Device Manager entirely, and partition tables became corrupted, resulting in lost data.

What Triggered the Failure?

Community reproductions and vendor telemetry quickly zeroed in on the conditions. The regression is not a universal NVMe driver meltdown. Instead, it appears confined to specific SSD controller and firmware combinations—notably, some drives using Phison E18 or E26 controllers, and in several reported cases, engineering or review-sample firmware rather than final retail firmware. The problem surfaces when the drive is subjected to aggressive single-session writes (such as copying a large media file, restoring a backup, or moving VM images) on a disk that is near capacity or heavily fragmented. Under these conditions, the controller firmware enters a state that the OS interprets as a device removal, and the drive drops offline.

While the exact firmware revisions remain under vendor review, the community’s rapid isolation of reproducible test vectors helped Microsoft and storage OEMs begin validation. However, no definitive list of affected models has been published by Microsoft or any major SSD vendor at the time of writing. Users should treat any community-compiled list as a candidate, not a final blacklist, and confirm with their drive manufacturer.

When Should You Uninstall KB5063878?

Rolling back a security cumulative update opens a window of vulnerability, so the decision must be deliberate. Consider uninstalling if:

  • Your SSD became inaccessible, vanished from Disk Management, or shows corrupted partitions after installing KB5063878.
  • You observe recurrent drive disappearances during large sequential writes (video rendering, database imports, large copy operations).
  • You run production workloads where an intermittent storage failure is unacceptable—live streaming, high-availability VMs, or data acquisition.

If your system behaves normally and your SSD vendor confirms your exact model and firmware revision is safe, stay patched. Uninstalling the LCU removes all security fixes from the August patch Tuesday, including mitigations for known zero‑day vulnerabilities.

Before You Begin: Non-Negotiable Safety Steps

  1. Create a full system image backup. Use reliable tools like Macrium Reflect, Acronis Cyber Protect, or your vendor’s disk cloning utility. This is the single most important action; a rollback gone wrong can leave your system unbootable.
  2. Save any accessible data from affected drives to an external medium immediately. Avoid writing new data to the problematic SSD until recovery steps are complete.
  3. Identify your exact Windows build. Run winver and confirm KB5063878 is installed (for 24H2, look for OS Build 26100.4946 or similar). This prevents mistakenly uninstalling the wrong update.

Safe Step-by-Step Uninstall Guide

Because KB5063878 is a combined SSU/LCU, the removal process escalates from GUI to command-line methods.

1. Standard GUI Uninstall (Try First)

  • Navigate to Settings > System > Optional features > More Windows features. If Windows Sandbox is enabled, uncheck it and click OK. This avoids interaction errors like 0x800F0825 that have been reported. Restart if prompted.
  • After reboot, go to Settings > Windows Update > Update history > Uninstall updates.
  • Locate KB5063878 (listed as “Update for Microsoft Windows (KB5063878)”). Click Uninstall, and restart when instructed.
  • Once the system restarts, verify normal behavior—check if previously vanished drives now appear in Disk Management. Immediately pause updates for 1 week via Settings > Windows Update to prevent automatic reinstallation.

2. If GUI Fails: Remove the LCU Using DISM

When the combined package blocks GUI removal, DISM (Deployment Image Servicing and Management) can target the LCU specifically.

  • Open an elevated Command Prompt.
  • List installed packages and find the LCU identity:
    dism /online /get-packages | findstr KB5063878
    Note the full Package Identity string (e.g., Package_for_RollupFix~31bf3856ad364e35~amd64~~22621.4946.1.6).
  • Remove the package:
    dism /online /remove-package /packagename:<PackageIdentity>
  • Reboot and check stability.

If DISM returns errors like 0x800f0905, the component store may be corrupted. Proceed to repair.

3. Repair Component Store and System Files

  • Run these commands sequentially in an elevated prompt:
    DISM /Online /Cleanup-Image /RestoreHealth sfc /scannow
  • Reboot and retry the DISM removal command.

These steps fix servicing stack corruption that often blocks uninstalls.

4. Clear Windows Update Caches (If Errors Persist)

Residual update payloads can cause 0x800f0825 and 0x800f0905 failures even after repair.

  • Stop update services:
    net stop wuauserv net stop bits net stop cryptsvc
  • Rename cache folders:
    ren %SystemRoot%\SoftwareDistribution SoftwareDistribution.old ren %SystemRoot%\System32\catroot2 catroot2.old
  • Restart services:
    net start wuauserv net start bits net start cryptsvc
  • Reboot and attempt the uninstall again. A Clean Boot (msconfig > Selective startup) can exclude third‑party interference.

Blocking the Update After Rollback

Once KB5063878 is removed, you must prevent Windows Update from re-offering it until Microsoft ships a fixed replacement.

  • Pause updates: Set a 1‑week pause (repeatable) under Settings > Windows Update. This is a temporary measure.
  • Hide the update: Download and run the official “Show or hide updates” troubleshooter (wushowhide.diagcab). Select Hide updates, check KB5063878, and confirm. This is the most reliable method for consumer PCs.
  • Enterprise controls: Use WSUS, Intune, or Configuration Manager to decline or hold the update. For large fleets, Known Issue Rollback (KIR) policies may be available through Microsoft; check the Windows Release Health dashboard.

If Your SSD Already Disappeared: Recovery Checklist

When a drive vanishes and an uninstall doesn’t immediately restore it, follow this ordered approach:

  1. Cold reboot and check hardware. Power the system completely off (not restart), then boot into Windows. Open Device Manager and Disk Management. If the drive appears offline or uninitialized, do not format or initialize—that will destroy recovery possibilities.
  2. Run vendor diagnostics. Tools like Samsung Magician, WD Dashboard, Crucial Storage Executive, or third‑party CrystalDiskInfo can read SMART data even if the drive doesn’t mount. Look for firmware panic states, unexpected power loss count, or controller timeout errors.
  3. Firmware recovery utilities. If your SSD vendor provides a dedicated recovery tool (e.g., Samsung’s SSD firmware recovery USB) and explicitly documents it for your exact model/revision, follow their instructions. Back up the drive first if possible—firmware flashes can be destructive.
  4. Professional data recovery. If SMART shows critical failures or the drive is not detected at all, stop all attempts and contact a professional recovery lab. Repeated power cycles and writes can render data unrecoverable.

Root Cause: A Narrow but Severe Interaction

The evidence points to an OS‑level change in KB5063878 that affected the storage driver stack—possibly related to NVMe power management or error handling thresholds. Under extreme write stress, certain controller firmware revisions enter a state where they stop responding to the host, leading the OS to mark the device as removed. The issue was exacerbated on engineering‑sample firmware often used in early review units, which explains why some high‑profile testers encountered it while most retail users did not.

Importantly, this is not a widespread failure. The number of affected units is small, but the consequence—potential permanent data loss—makes it a high‑severity regression. Neither Microsoft nor SSD vendors have publicly identified the exact firmware versions or the precise kernel change responsible. Ongoing investigations may lead to a corrected cumulative update or vendor firmware patches.

Security vs. Reliability: The Difficult Trade-off

Uninstalling a security cumulative update is never a neutral act. KB5063878 contains fixes for actively exploited vulnerabilities. Rolling it back re‑exposes your system to those threats until a patched replacement is installed. For production machines where an intermittent SSD disappearance could destroy hours of work—video editing rigs, data acquisition systems, or financial transaction servers—the immediate reliability risk often outweighs the security risk. For general‑purpose desktops and laptops where storage is stable, staying patched is the wiser choice.

Enterprise administrators should test any rollback or blocking policy on a representative sample of hardware, validating large‑write behavior under load, before making fleetwide changes. Microsoft’s Known Issue Rollback mechanism, if deployed for this specific issue, would be the preferred mitigation, as it disables only the problematic code path without removing the entire update.

What’s Next? Microsoft and Vendor Response

Microsoft is aware of the issue and, per historical practice, may issue an out‑of‑band fix or incorporate the correction into a forthcoming cumulative update. SSD vendors, meanwhile, are investigating firmware updates for affected controllers. Users should actively monitor:

  • Microsoft Windows Release Health dashboard for acknowledgment and KIR notifications.
  • SSD manufacturer support pages for firmware advisories and downloads specific to their model and firmware revision.
  • Community forums and technical media for validated lists of affected drives—though always cross‑reference with official sources.

Microsoft’s combined SSU+LCU packaging, while improving servicing reliability in many scenarios, makes uninstalling problematic updates more cumbersome. The requirement to use DISM for removal is a known nuance, but the average user is unlikely to be familiar with it, increasing frustration during an already stressful data‑loss event.

Key Takeaways

The KB5063878 incident underscores the intricate dance between OS updates and hardware firmware. For most users, the August cumulative is safe; for a narrow set of SSD configurations, it poses a genuine data loss threat. If you are affected:

  • Back up immediately, preserving any accessible data.
  • Uninstall the LCU via Settings or DISM, following the repair steps if needed.
  • Block reinstallation with the wushowhide tool or update pausing.
  • Engage your SSD vendor for firmware updates and recovery guidance.

If you are not affected, maintain your normal patching cadence, but keep an eye on vendor advisories. The ecosystem’s response—rapid community triage, coordinated vendor involvement, and a clear set of remediation tools—highlights the resilience of Windows’ update management infrastructure, even if the bug itself was severe. Ultimately, rigorous backup disciplines and staged update rollouts remain the best defense against rare but high‑impact regressions.