Microsoft’s August 2025 security update for Windows 11 version 24H2 is wreaking havoc on professional broadcasting setups, triggering severe stuttering and audio dropouts in NDI-based streaming workflows. The culprit? KB5063878 (OS Build 26100.4946), a routine cumulative rollup that has introduced a transport-level regression affecting the Network Device Interface. Within days of its release, streamers, video producers, and IT administrators reported crippling lag, frame freezes, and choppy audio when using NDI to move video between machines. Microsoft has publicly acknowledged the issue and recommended an immediate configuration workaround: switching NDI’s receive mode from the default Reliable UDP (RUDP) to Single TCP or legacy UDP.
The Scope of the Problem
The problem is not a broad consumer streaming outage—services like YouTube, Twitch, or Netflix are unaffected. Instead, it strikes at the heart of multi-PC production environments where NDI is used to transport high-quality screen captures, camera feeds, and audio from a source machine (often a gaming or capture PC) to a dedicated encoder or mixer. Symptoms include persistent stuttering, dropped frames, and visible lag, even on low-bandwidth local networks. The issue is most pronounced when Display Capture is active on the source, a common scenario for tutorial makers, live gameplay broadcasts, and corporate presentations.
Affected applications include Open Broadcaster Software (OBS), vMix, and the official NDI Tools suite, particularly Studio Monitor and Screen Capture HX. Any workflow that relies on NDI’s default RUDP transport is at risk. Microsoft’s advisory explicitly ties the behavior to the August 12, 2025 update for Windows 11 24H2 (build 26100.4946), though similar reports have surfaced for parallel Windows 10 patches. This is not a niche bug; it has the potential to derail live events, esports broadcasts, and professional studio productions.
How NDI Works and Why RUDP Is Failing
NDI (Network Device Interface) is a widely adopted IP-video standard that allows seamless transport of high-quality, low-latency video over standard Ethernet. To balance quality, latency, and reliability, NDI supports multiple transport modes:
- RUDP (Reliable UDP): The default since NDI 5. It wraps UDP packets with sequencing, retransmission, and flow control to offer low latency with reduced artifacts.
- UDP (Legacy): Simple datagram transport without reliability mechanisms—fast but susceptible to packet loss.
- Single TCP: A reliable, ordered stream that works well in networks that filter or mishandle UDP traffic, though it introduces head-of-line blocking and higher latency under loss.
The August update appears to have introduced an anomaly in Windows’ network stack that specifically disrupts RUDP. Packet retransmission storms, dropped acknowledgments, or altered socket timing cause the transport to choke, resulting in the observed stutter. Microsoft has not yet published a formal root cause analysis, so the precise internals remain speculative. What is clear, from vendor advisories and independent testing, is that switching away from RUDP immediately restores smooth performance.
The Immediate Workaround: Changing NDI Transport Mode
For broadcasters and IT teams facing NDI issues after installing KB5063878, Microsoft and NDI vendor documentation recommend changing the Receive Mode on all receiving machines. This does not require uninstalling the security update and is reversible once a permanent fix is released.
Step-by-Step Instructions
- Download and install the free NDI Tools suite from the official NDI website. (If already installed, ensure it is the latest version.)
- Launch NDI Access Manager on the receiving PC.
- Select the Advanced tab.
- Locate the Receive Mode dropdown. Change it from RUDP (default) to either Single TCP or UDP (Legacy).
- Click OK.
- Restart all NDI-consuming applications (OBS, Studio Monitor, etc.) so they reload the configuration from
%programdata%/NDI/ndi-config.v1.json.
Choosing the Right Mode
- Single TCP is the safest fallback: it bypasses UDP entirely, ensuring reliable delivery at the cost of slightly higher latency. It is ideal for networks with complex topologies, VPNs, or where UDP packets are filtered.
- UDP (Legacy) preserves low latency and is suitable for dedicated, loss-free local networks. Be aware that without reliability mechanisms, occasional packet loss may result in visible artifacts.
After applying the change, run a sustained capture test (10–15 minutes) using the exact configuration planned for live shows. Confirm that frame rates, audio sync, and video quality are stable.
Operational Guidance for Studios and IT Administrators
For Live Production Teams
If you manage mission-critical streaming environments, treat KB5063878 as a high-risk update until Microsoft delivers an official fix. Strategies include:
- Apply the NDI transport change immediately on all receiving machines and test thoroughly.
- Delay or roll back the KB in controlled maintenance windows. Uninstalling a security update carries risk, so document compensating controls (e.g., network isolation, additional monitoring) and coordinate with your security team. Use the following PowerShell command on affected hosts:
wusa /uninstall /kb:5063878 /quiet(or via WSUS/Configuration Manager). - Pause automatic update approvals for KB5063878 in WSUS, Windows Update for Business, or Microsoft Intune rings until a Known Issue Rollback (KIR) or replacement update is available.
For IT Administrators Managing Many Endpoints
- Pilot the NDI Receive Mode change on a small test ring before mass deployment.
- Leverage scripted configuration management to push the
ndi-config.v1.jsonchange. A simple PowerShell script can modify the JSON file, and Group Policy Preferences or an MDM can deploy it across multiple machines. - Communicate the change to remote contributors and show partners. Include a pre-show checklist that verifies NDI transport mode and OS build to prevent last-minute surprises.
Detecting Affected Systems
To identify machines with KB5063878 installed:
- Check via winver or Settings > System > About for OS Build 26100.4946.
- Use PowerShell: Get-HotFix -Id KB5063878 (note that Get-HotFix may not list all updates on all systems; consult Windows Update history as a fallback).
Monitor streaming telemetry (frame drop percentage, audio desync events) to correlate with the update installation.
Risk Assessment and Trade-offs
- Security vs. Reliability: Removing a security update exposes systems to vulnerabilities addressed by the rollup. For most environments, the NDI transport workaround is preferable because it retains the security fixes while restoring functionality.
- Performance vs. Latency: Single TCP introduces more latency than RUDP, which may be unacceptable for ultra-low-latency use cases (e.g., competitive gaming commentary). UDP Legacy retains low latency but sacrifices reliability. Match the mode to your show’s real-time requirements and network quality.
- Operational Complexity: Changing NDI settings across dozens of distributed machines adds overhead. Plan for this with scripted rollouts and a communication plan. The centralized configuration file makes automation feasible.
What Microsoft and Vendors Have Said
Microsoft acknowledged the issue on its Windows Release Health dashboard, stating that it is investigating the root cause and advising customers to use the transport workaround until a permanent fix is available. The NDI team (part of the Vizrt Group) has echoed this guidance in its support channels, confirming that switching to TCP or UDP resolves the problem. Industry reports from BleepingComputer, Neowin, and PCWorld have independently verified the issue and the efficacy of the workaround.
However, the exact technical root cause remains undisclosed. Speculation points to changes in Windows’ QUIC/UDP stack, socket buffering adjustments, or timing interactions introduced by other security hardening. Without Microsoft’s official analysis, treat any deep-dive claims with caution. A Known Issue Rollback (KIR) is a likely remediation path—users can check for the kb5063878 KIR entry in Group Policy under Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage preview builds and updates.
Broader Implications for Update Management
This incident underscores the growing challenge of maintaining real-time media workflows on general-purpose operating systems. Windows cumulative updates are monolithic by design, and even minor networking tweaks can cascade into catastrophic failures for specialized software like NDI. For IT and production teams, the takeaways are clear:
- Staged deployment is non-negotiable: Use test rings that mirror production hardware and workloads.
- Incident playbooks matter: Have pre-approved configuration changes, rollback procedures, and communication templates ready.
- Test real workflows: Synthetic benchmarks often miss the specific code paths triggered by Display Capture + NDI RUDP.
The live event industry, already cautious after past update-related disruptions (e.g., printer crashes, VPN breakages), now has another reason to treat Patch Tuesday with vigilance.
Conclusion and Next Steps
The facts are stark: KB5063878 (August 2025) for Windows 11 24H2 breaks NDI streaming when using the default RUDP transport. Microsoft has confirmed the regression and provided a practical, reversible workaround—switch to Single TCP or legacy UDP. This advice is backed by vendor documentation and independent testing.
Strengths of the current response:
- The workaround is simple, does not remove security protections, and can be rolled out quickly.
- Microsoft’s prompt acknowledgment and guidance reduce confusion.
Remaining concerns:
- The absence of a detailed root cause means similar issues could reappear in future updates.
- Teams with stringent latency requirements may find the workaround unacceptable, forcing them into a difficult security-vs-reliability trade-off.
Production teams should act now: test the NDI Receive Mode change, stage updates carefully, and monitor Microsoft’s communications for an official fix. For the long term, this episode reinforces the need for resilient update strategies in an era where a single patch can plunge a livestream into chaos.