Users report that recent updates to Windows 11 24H2 may cause data corruption and failures in some SSD and HDD models. Microsoft has not yet been able to reproduce the issue and is asking people to submit information about any problems they’ve identified.
The potential problem was first flagged by a Japanese researcher, who noticed that the OS stops detecting drives with Phison NAND controllers during intensive write operations (for example, writing large files or many files at once, installing large game updates). He wrote that the issue occurs after installing the August security update KB5063878 and the preview update KB5062660.
Although some of the affected drives recovered after a system reboot, others remained inaccessible. The researcher suggested that the issue might be related to a drive cache bug and a memory leak in an OS-bufferable region.
“Tests show that symptoms appear on SSDs with more than 60% fill after about 50 GB of continuous writes. Reports indicate similar symptoms on HDDs as well,” the specialist wrote. “The tests also show that Phison NAND controllers are more prone to issues, and the company’s DRAM-less models typically exhibit problems even with smaller write volumes.”
Other users reported encountering a similar issue when using SanDisk Extreme Pro, Corsair Force MP600, Maxio SSD, KIOXIA EXCERIA PLUS G4, KIOXIA M.2 SSD, and other devices equipped with Phison PS5012-E12 and InnoGrit controllers.
Microsoft representatives confirmed to the media that they are aware of the issue and are already investigating it together with partners.
So far, the company’s specialists have not been able to reproduce the issue. The company claims that “neither internal testing nor telemetry has revealed an increase in disk failures or file corruption.”
Additionally, it’s reported that Microsoft’s customer support has not received reports from people who encountered this issue. Therefore, Microsoft is currently trying to collect user reports with additional information about these failures and asks all affected users to use Support for Business or the Feedback Hub to report the problem.
A Phison representative also told Bleeping Computer that the fallout from Windows 11 updates KB5063878 and KB5062660 could potentially have affected a range of storage devices, including some supported by Phison.
“We understand the inconvenience this may have caused and promptly reached out to relevant industry stakeholders. Controllers that may have been affected are currently being tested, and we are working with our partners,” Phison said.
Until the issue is resolved, Windows users are advised to avoid writing very large files (tens of gigabytes) or many large files back-to-back, and instead write them in smaller batches. It’s also recommended to extract large archives with many items (for example, 200 files at 200 MB each) in several stages.
2025.04.08 — Website of Everest ransomware group hacked and defaced
Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: "Don't do crime…
Full article →
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers
Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…
Full article →
2025.04.15 — Hackers exploit authentication bypass bug in OttoKit WordPress plugin
Hackers exploit an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin used by more than 100,000 websites. First attacks were recorded just…
Full article →
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims
According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…
Full article →
2025.03.18 — Black Basta ransomware group developed its own automated brute-forcing framework
According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It's used to hack edge network devices…
Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks
Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…
Full article →
2025.01.23 — Fake Telegram CAPTCHA forces users to run malicious PowerShell scripts
Hackers used the news of Ross Ulbricht pardoning to lure users to a rogue Telegram channel where they are tricked into running malicious PowerShell code. This…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →