Phison, one of the largest suppliers of NAND flash controllers, has publicly disowned a document circulating among industry partners that falsely claimed the latest Windows 11 security updates were uniquely breaking drives built on its silicon. The controller maker says it is pursuing "appropriate legal processes" against the falsified communication while simultaneously working with Microsoft and SSD vendors to root-cause a genuine storage regression that has left multiple drives disappearing from users' systems.
The immediate firestorm began shortly after Microsoft rolled out its August 2025 cumulative update for Windows 11, tracked as KB5063878 (with a companion package KB5062660 appearing in some reports). Within days, hobbyists and professional testers had reproduced a consistent failure pattern: during sustained, large sequential writes—commonly around the 50 GB mark—some SSDs would become unresponsive, vanish from File Explorer, Device Manager, and Disk Management, and in a handful of cases, return in a permanently corrupted state. The bug does not discriminate by brand; affected drives span consumer and prosumer NVMe models, though early community testing showed an overrepresentation of devices with Phison controllers.
The Community Test That Ignited the Investigation
The most detailed public reproduction was performed by X user @Necoru_cat, who tested 21 drives under a sustained write workload designed to mimic large game installs or massive file archive extractions. The methodology was straightforward: copy a large game library folder (like Cyberpunk 2077’s Steam directory), create a compressed archive, then expand the archive onto the target SSD. The results were stark. Twelve of the 21 drives became inaccessible mid-transfer. Most reappeared after a reboot, but one—a Western Digital SA510 2TB—remained unrecoverable even after a power cycle. Several others exhibited inconsistent behavior that depended on firmware revision, motherboard BIOS, and the specific write pattern.
Crucially, the failures were not confined to a single controller vendor. While Phison-based SSDs appeared more frequently in the early sample, drives using Silicon Motion, InnoGrit, and in-house controller designs also fell over. This broad footprint immediately suggested an interaction between Windows’ storage stack and controller firmware, not a defect isolated to one chip design.
The Technical Underpinnings: HMB, Sustained Writes, and Firmware Edge Cases
To understand why an OS update could push SSDs into a hang state, it helps to look at how modern NVMe drives operate. Most mainstream SSDs—especially cost-optimized, DRAM-less models—rely on Host Memory Buffer (HMB) technology. Without onboard DRAM, they borrow a small chunk of your system’s RAM to store the logical-to-physical mapping table that translates file system addresses into NAND flash locations. If a Windows update alters the timing, allocation size, or command ordering associated with HMB access, it can trigger latent firmware race conditions. Under a sustained sequential write, the controller must constantly update that mapping table, flush and recycle NAND blocks, and manage wear leveling—all operations that become vulnerable if the host suddenly changes how it delivers memory buffer grants or NVMe command completions.
What the community observed—drives disappearing mid-transfer, SMART data becoming unreadable, and sometimes recovery only after a full power cycle—is the classic fingerprint of a controller-level hang. In a hung state, the NVMe device stops responding to submission queue doorbell register writes, so Windows marks it as gone. If the firmware cannot complete its internal housekeeping, the mapping table may be corrupted, which explains why some drives never came back.
Phison’s Measured Acknowledgment
As reports mushroomed across forums and tech press, Phison issued a carefully worded statement to Tom’s Hardware: “Phison has recently been made aware of the industry-wide effects of the ‘KB5063878’ and ‘KB5062660’ updates on Windows 11 that potentially impacted several storage devices, including some supported by Phison. We understand the disruption this may have caused and promptly engaged industry stakeholders.” The statement avoided assigning blame ambiguously, promised partner advisories and firmware work, and stressed that the company was reviewing which controllers may be affected. This is standard supplier posture—firmware fixes, if needed, must be validated by drive vendors for each SKU, and root-cause attribution demands telemetry from both the platform (Microsoft) and controller/drive makers.
Enter the Falsified Document
Within days of that first acknowledgment, a separate document began circulating via press channels and industry contacts. It purported to be a direct communication from Phison to customers and partners. According to its content—published in part by Wccftech—the memo named specific Phison controller families, used alarmist language about “significant issues,” and explicitly pinned the entire Windows 11 storage bug on Phison hardware alone. If believed, such a communiqué would have materially damaged Phison’s commercial relationships, prompted a wave of unwarranted RMA requests, and caused partners to freeze shipments of any drive containing Phison silicon.
Phison has unequivocally disowned that material. In a follow-up statement circulated via industry press, the company declared the document “falsified” and “not an official or unofficial Phison communication.” It further indicated that it is addressing the matter through “appropriate legal processes.” Independent confirmation of specific legal steps (filings, cease-and-desist demands, named defendants) was not publicly available at the time of reporting, so the legal action should be read as Phison’s stated intent rather than verified litigation. The episode introduces an unnerving twist: while engineers scrambled to isolate a cross‑stack technical problem, an information warfare vector added reputational and legal risk.
What We Know—Verified Facts
- Update identifiers: Microsoft released the Windows 11 August 2025 cumulative update as KB5063878 on August 12, 2025. A related package, KB5062660, was also flagged in some reports. Multiple outlets confirm the release date and package numbers.
- Reproducible failure signature: Community testers reliably triggered drive disappearance during large (commonly ~50 GB) sequential transfers. The bug manifests as the drive vanishing from the OS, sometimes corrupting the file system. Tom’s Hardware, Windows Central, and specialist forums documented the method and results thoroughly.
- Phison’s involvement: The company acknowledged it is investigating, coordinating with Microsoft and partners, and will issue advisories and firmware updates as needed. It did not claim the issue is exclusive to its controllers.
- The falsified document: Phison has explicitly stated that a circulating document claiming controller-specific failures and blaming only Phison hardware is not genuine. The company intends to pursue legal remedies.
What Remains Unproven
- Population-scale attribution: Lab reproductions are compelling, but Microsoft has not published telemetry data that would confirm the exact rate, distribution, or root cause across its installed base.
- Precise root cause: While the leading hypothesis points to a host‑initiated change in HMB behaviour or NVMe command ordering that exposes firmware edge cases, whether remediation will come from a Windows Known Issue Rollback, a micro‑patch, firmware updates, or a combination is still undetermined.
- Origin of the fake memo: Phison says the document is false, but independent tracing to its source, possible motives (competitor sabotage, malicious actor, misattribution), or forensic evidence has not been made public.
Practical Guidance for Users and IT Teams
Given the potential for data loss, a conservative approach is warranted until fixes are deployed:
- Back up immediately. Copy essential data to an independent disk or a trusted cloud service. Do not rely on a single drive for any data you cannot afford to lose.
- Defer heavy write operations. If your system has installed KB5063878 or KB5062660, avoid large, uninterrupted file transfers—game installations, mass archive extractions, lengthy video exports—or break them into chunks under ~50 GB as a temporary risk mitigation.
- Inventory your drives and check for firmware updates. SSD vendors distribute updates through tools like Corsair iCUE, SanDisk Dashboard, or Kioxia’s utility. Do not flash firmware without a verified backup and specific vendor guidance.
- Enterprise staging. Administrators should hold KB5063878 from broad deployment rings, validate large-write workflows in a test ring, and use servicing controls (Known Issue Rollback or deployment blocking) for managed fleets if vendor advisories are not yet available.
- If a drive disappears mid-transfer: Stop all additional writes. Do not initialize or reformat the disk. Capture vendor diagnostics and Event Viewer logs. Create a block‑level forensic image before attempting destructive repairs. Contact vendor support with logs and firmware IDs to facilitate RMA and root‑cause analysis.
Legal, Reputational, and Industry Fallout of the Fake Document
The emergence of a forged memo carries immediate consequences beyond the technical bug:
- Reputational risk: A widely circulated document that falsely pins blame on Phison could cause customers and retail partners to prematurely blacklist Phison‑based SKUs, impacting sales and supplier trust even while the underlying evidence remains ambiguous.
- Commercial disruption: SSD integrators and OEMs using Phison silicon could face a surge in support tickets, unnecessary RMAs, and inventory holds driven by misinformation, raising costs and distracting from genuine remediation efforts.
- Deterrence through legal action: By declaring the document falsified and citing legal action, Phison aims both to pursue remedy and to deter future bad‑faith actors. Possible steps include cease‑and‑desist letters, demands for retraction, or civil claims for damages—though until filings are public, these remain intentions.
Falsified documents in heated tech disputes are not new, but the response playbook is well‑established: public disavowal plus accelerated transparent technical communication to starve rumor of oxygen. Phison appears to be following that dual track—contemporaneously investigating with Microsoft and partners while calling out the forged material—which is the recommended crisis‑communication stance.
Strengths and Weaknesses of the Current Response
Strengths:
- Phison’s initial statement was measured, avoided premature attribution, and framed the problem as industry‑wide, reducing the risk of misdirected firmware pushes or consumer panic.
- The company publicly committed to partner advisories and direct collaboration with Microsoft, the correct technical path given the cross‑stack nature of the regression.
- Independent, reproducible failure patterns provide forensic leads that vendors can correlate against telemetry, accelerating root‑cause analysis.
Weaknesses:
- Phison’s early messaging did not enumerate affected firmware revisions or provide a public model list, forcing customers to rely on noisy community lists. The falsified document exploited that vacuum.
- A fake but authentic‑looking vendor communication can propagate rapidly through social channels and trade partners, magnifying damage before forensic results are available.
- Remediation likely requires SKU‑specific firmware validation from each SSD vendor, and distribution timelines will vary. That creates a window of operational exposure that is hard to manage for large fleets and retail buyers.
Plausible Resolution Paths
- Firmware‑only fix: Vendors push firmware updates that correct handling of the OS‑introduced timing or allocation pattern. This would be validated per SKU and distributed by drive makers.
- Microsoft mitigation + firmware: Microsoft issues a Known Issue Rollback or targeted patch to restore prior host behaviour temporarily, buying time for vendors to prepare firmware updates.
- Hybrid approach: An initial OS mitigation combined with long‑term firmware and OS hardening to prevent similar cross‑stack regressions in the future.
All three paths remain on the table. Phison’s partner‑centric communication implies firmware will play a central role, but Microsoft mitigations cannot be ruled out.
How This Should Reshape Industry Practices
This incident—a host OS update exposing latent firmware edge cases—underscores a perennial reality: modern storage is co‑engineered across OS, driver, firmware, and hardware. Several improvements could reduce the blast radius next time:
- Expanded pre‑release stress testing: Exercise sustained sequential writes and HMB allocation variations across a matrix of controller firmware versions, motherboard BIOSes, and NVMe driver permutations before shipping updates.
- Better cross‑vendor telemetry sharing: A standardized, privacy‑respecting telemetry set that lets Microsoft and vendors rapidly correlate failure signals would shrink root‑cause investigation time.
- Faster public advisories: Vendor advisories that list confirmed affected firmware IDs—not just community lists—reduce rumor risk and improve triage speed for IT administrators.
- Supply chain transparency: SSD vendors should maintain validated firmware distribution channels with clear versioning so system integrators can quickly identify and patch affected inventory.
Final Assessment
The Windows 11 August 2025 cumulative updates (KB5063878 / KB5062660) have triggered a reproducible storage regression that causes some SSDs to disappear under sustained heavy writes. The fingerprint strongly points to a host‑to‑controller interaction, and while Phison‑based drives appear overrepresented in early testing, the problem is not exclusive to a single supplier. Phison has acknowledged investigating the issue, is working with Microsoft and partners, and has forcefully disavowed a falsified document that aimed to pin blame solely on its controllers. The company says it is pursuing legal remedies against that forged communication.
For end users and IT teams, the immediate priority is data safety: verify backups, avoid large sequential writes on patched systems, and stage the update in controlled rings until concrete fixes arrive. Firmware updates delivered through SSD vendors are the likeliest long‑term resolution, with a possible Microsoft mitigation as a parallel path. The falsified‑document episode adds a sobering reminder: when technical ambiguity meets rapid social dissemination, bad actors can amplify confusion and commercial harm. Only coordinated, transparent vendor communication, verified fixes, and measured legal follow‑through will neutralize both the technical and reputational threats.