Live production teams using NDI for video transport were hit with severe stuttering and frame drops after installing Microsoft's August 2025 cumulative updates, prompting an urgent workaround from both Microsoft and the NDI team. The issue, which surfaced within days of the Patch Tuesday release, affects users of OBS, vMix, NDI Tools, and other broadcast applications that rely on the Network Device Interface's default Reliable UDP (RUDP) transport. With the updates KB5063878 (Windows 11 24H2) and KB5063709 (Windows 10) now confirmed as the trigger, streamers and studios are scrambling to reconfigure their setups to avoid ruined broadcasts.
NDI and the August Patch Collision
NDI is a widely adopted IP video standard that allows high-quality, low-latency audio/video streams to travel over standard Ethernet. It has become indispensable in broadcast, esports, corporate events, and content creation, where multi-PC rigs and encoder boxes exchange video sources without dedicated capture cards. The NDI 5 family defaults to RUDP, a transport protocol that blends UDP's low latency with TCP-style reliability through sequencing, retransmissions, and flow control.
On August 12, 2025, Microsoft rolled out its monthly security updates. The Windows 11 24H2 cumulative (KB5063878, build 26100.4946) and Windows 10 packages (including KB5063709) included typical security fixes but, as users quickly discovered, also introduced a regression that crippled NDI flows. The issue is not a simple glitch: it manifests as persistent stutter, frozen frames, and audio desynchronization—symptoms that render professional broadcasts unusable.
What's Actually Breaking: Symptoms and Fingerprints
The failure mode is distinctive. Reports from independent observers and community forums describe:
- Sustained stutter and frame drops: Not occasional blips but continuous, rhythmic disruption, as if retransmissions are flooding the pipe.
- Audio drift: Sound gradually slips out of sync with video, pointing to buffering or retransmission timing anomalies.
- Clear correlation with the August updates: Systems that hadn't yet applied the patches remained stable; those that did exhibited the problem. The regression is reliably triggered on source or receiver machines after installation.
- RUDP-specific nature: Switching the NDI transport from RUDP to Single TCP or legacy UDP eliminates the fault, confirming the interaction is at the protocol level rather than an application bug.
These observations were echoed across platforms and by Microsoft's own release health channel. The issue is particularly pronounced when Display Capture (screen capture) is used as a source in OBS, which many streamers rely on for multi-PC setups.
Technical Primer: RUDP, UDP, and TCP in NDI
To understand why a Windows patch can break NDI, it's essential to grasp the tradeoffs of the involved transport modes:
- RUDP (Reliable UDP): NDI's default transport implements reliability features over raw UDP datagrams. It uses sequencing, acknowledgment-based retransmissions, and windowing to recover lost packets without the head-of-line blocking that can plague TCP. This tight integration with the OS networking stack makes it sensitive to changes in socket buffering, scheduling, and packet-handling behavior.
- UDP (Legacy): Simple, unordered datagrams with no delivery guarantees. It offers the lowest overhead and latency on stable, low-loss LANs but provides no recovery for dropped packets.
- Single TCP: A reliable, ordered byte stream that guarantees delivery but can introduce latency spikes under packet loss due to in-order delivery and head-of-line blocking.
When an OS update alters the kernel's networking behavior—even subtly—RUDP's reliability logic can overcompensate, leading to retransmission storms or queuing that surface as stuttering and audio drift. Microsoft's advisory acknowledges precisely this interaction.
Microsoft's Acknowledgment and the Official Guidance
Microsoft posted on its Windows release health channels that the August 2025 security updates can cause severe stuttering, lag, and choppy audio/video when NDI uses its default RUDP transport. The advisory notes that the problem is especially visible when Display Capture is enabled on the source PC. Engineering teams are investigating, but in the interim, both Microsoft and NDI recommend a configuration change on receiving machines.
NDI's documentation for Access Manager—the central control panel for NDI settings—was quickly updated to reflect the workaround. The tool allows users to manage groups, external sources, and critical advanced settings such as the receive transport mode. The NDI Access Manager configuration is stored in a JSON file, and all NDI applications read this file on startup to apply settings. This is why any transport change requires a restart of the apps.
Step-by-Step Mitigation Using NDI Access Manager
For production teams needing an immediate fix, the recommended procedure is straightforward:
- Install or open NDI Tools on the receiving machine (if not already present).
- Launch NDI Access Manager.
- Navigate to the Advanced tab.
- Under Receive Mode, select Single TCP or UDP (Legacy) instead of RUDP.
- Click OK to save the configuration.
- Restart all NDI-receiving applications (OBS, Studio Monitor, vMix, etc.) to force them to reload the configuration file.
- Repeat on every affected receiver in the NDI flow.
This change is recognized as a temporary measure, not a permanent fix. Both Single TCP and legacy UDP have their own operational profiles that must be tested under show conditions.
Operational Notes and Caveats
- Single TCP is the safer cross-network fallback and almost always eliminates the stutter, but it can increase end-to-end latency and suffers from head-of-line blocking when packet loss occurs.
- UDP (Legacy) preserves lower latency on stable LANs but sacrifices NDI's retransmission and windowing benefits. It's acceptable only in controlled, low-loss environments.
- Because NDI apps read the Access Manager config only at launch, any transport change requires a restart—and thus a careful change window.
- The workaround must be applied to every receiver in the workflow, which can be challenging in distributed productions with remote contributors.
The Rollback Option and Its Risks
Some operators have considered uninstalling the August cumulative update to revert to pre-patch behavior. This is a blunt instrument with significant downsides:
- Security tradeoffs: Removing a cumulative update also strips out critical security fixes, many of which address publicly known vulnerabilities. This expands the attack surface.
- Reinstall risk: Windows Update may automatically re-apply the patch, leading to whack-a-mole maintenance and potential surprises during a live show.
- Enterprise complexity: Organizations using WSUS, Intune, or SCCM must orchestrate rollbacks with formal exception approvals and compensating controls, such as tightened perimeter filtering or VPN isolation.
Rollback should be a last resort, documented with a clear timeline for re-patching and compensating security measures.
Broader Context: Multiple Regressions in August 2025
The NDI transport regression did not appear in isolation. Community and vendor testing also flagged:
- WSUS delivery failures with error 0x80240069, affecting enterprise patching.
- NVMe/SSD stability issues where drives temporarily disappeared under sustained writes, prompting vendor investigations.
These co-occurring regressions highlight a systemic challenge: modern cumulative updates touch dozens of subsystems, and specialized workloads like real-time AV can be disproportionately affected. They reinforce the need for staged rollouts and robust pre-production testing.
Why RUDP Regressions Are Especially Painful for Live Production
Live production demands predictable latency and uninterrupted continuity. When an OS-level change disrupts RUDP's delicate timing, the application-layer reliability mechanism can oscillate between aggressive retransmission and queuing, corrupting the viewing experience in ways that are difficult to mask. Key operational impacts include:
- Lip-sync errors and visible jitter that cannot be corrected on the fly.
- Multi-camera switching failures and encoder mismatches, leading to lost cues or ad breaks.
- Last-minute firefighting when remote guests or distributed teams cannot be reconfigured quickly.
These consequences elevate the incident from a niche technical bug to a tangible business risk for broadcasters and event producers.
Practical Checklist for Creators, Engineers, and IT Teams
- Detect: Confirm whether KB5063878 or KB5063709 is installed (
winver, Settings > About, orGet-HotFix). - Mitigate: If impacted, change NDI Receive Mode to Single TCP or UDP (Legacy) via Access Manager and restart all NDI apps.
- Test: Run a sustained 10–15 minute end-to-end test in the exact capture mode planned for the show. Verify latency, frame consistency, and audio sync.
- Coordinate: Notify all remote participants and walk them through the configuration change. For distributed teams, consider pushing the
%programdata%/NDI/ndi-config.v1.jsonchange via configuration management. - Hold updates: Pause automatic approval of the August cumulative in production rings until a permanent fix or Known Issue Rollback (KIR) is available. Use pilot rings to validate any reintroduction.
- Plan fallback: If rollback is inevitable, document compensating security measures and a timeline for reinstalling the update once Microsoft releases a remediation.
How Microsoft and Vendors Have Responded—and Where Transparency Could Improve
Strengths: The rapid publication of a practical, reversible mitigation allowed many teams to restore operations without sacrificing security updates. The collaborative guidance from Microsoft and NDI was clear and actionable.
Weaknesses and open questions:
- Microsoft has not yet published a detailed root cause analysis specifying which network stack change triggered the RUDP failure. This leaves systems engineers guessing about related regressions or residual risk.
- The presence of multiple regressions in one patch cycle suggests insufficient cross-stack validation for specialized workflows. Independent voices are calling for expanded test matrices that include media and AV workloads.
Risk Assessment: Decision Guide for Different Operators
- Small-scale creators: Single-PC streamers that encode locally are unlikely to be affected. Those using NDI for multi-PC workflows should apply the transport change and validate in a private test stream.
- Mid-sized studios and event producers: Pilot the NDI transport change on a subset of encoder and monitoring machines, validate end-to-end, then push widely. Maintain a rollback procedure with documented security controls.
- Enterprise broadcast operations: Hold KB5063878 in test rings until Microsoft publishes a KIR or a fixed cumulative update. Coordinate with NDI, OBS, and vMix support for explicit RUDP and Display Capture test cases before approving reintroduction to production fleets.
What to Expect Next and the Likely Timeline
Microsoft has formally acknowledged the issue and stated that engineering teams are investigating. Historically, high-impact regressions are resolved via a Known Issue Rollback or targeted KIR within days, but a full cumulative replacement can take weeks. Given the commercial impact on broadcasters, expect Microsoft to prioritize a fix, but continue operating under the assumption that the transport workaround may be required for the near term.
Final Analysis and Takeaways
This incident is a textbook case of an OS update unintentionally disrupting a niche but economically vital workflow. The facts are clear, verified across vendor documentation and independent reports: the August 2025 cumulative updates correlate with reproducible NDI RUDP failures, and the recommended mitigation—switching to Single TCP or legacy UDP—restores functionality while preserving security updates.
The workaround is not without tradeoffs. Single TCP can introduce latency, and legacy UDP discards reliability benefits. Every production must test these alternatives under show conditions. Rolling back security patches is a last resort that demands documented compensating controls.
The broader lesson is that as operating systems grow more complex and cumulative, staged deployment policies, representative test matrices that include real-time AV flows, and tighter vendor collaboration are no longer optional—they are prerequisites for reliable live production. The August 2025 incident delivers that message with uncomfortable clarity.