Windows 11 and Server 2022 encryption bug could ‘corrupt’ data on new devices

Microsoft has published a Knowledge Base article acknowledging an issue with encryption acceleration in the latest versions of Windows that can lead to data corruption. The company recommends installing the June 2022 security updates for Windows 11 and Windows Server 2022 “to prevent further damage,” although there are no suggested solutions for those who have already lost data due to the error.

The issue only affects relatively new PCs and servers that support Vector Advanced Encryption Standard (VAES) instructions to speed up cryptographic operations. Microsoft says affected systems use AES-XTS or AES-GCM instructions “on new hardware.” As part of the AVX-512 instruction set, VAES instructions are supported by the Intel Ice Lake, Tiger Lake, Rocket Lake, and Alder Lake architectures – these power some 10th Gen Core laptop processors, as well as all 11th and 12th Gen processors. AMD’s upcoming Zen 4 architecture also supports VAES, though by the time those chips are released in the fall, there will have been plenty of time for patches to spread.

Microsoft says the problem was caused by the addition of “new code paths” to support updated encryption instructions in SymCrypt, the Windows cryptographic function library. These code paths were added in the initial release of Windows 11 and Windows Server 2022, so the issue should not affect older versions such as Windows 10 or Windows Server 2019.

The initial fix for the issue, introduced in the June 2022 Windows Security Update (Windows 11 Build 22000.778), will prevent further damage at the expense of performance, which suggests that the initial fix was to disable encryption acceleration on these processors entirely. Using BitLocker-encrypted drives or Transport Layer Security (TLS), or accessing encrypted storage on servers, will be slower with the first hotfix installed, although installing the July 2022 security updates (Windows 11 Build 22000.795) should restore performance to previous levels.
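
A triage sketch for the hardware and build conditions described above, added here as an example and not taken from Microsoft or SymCrypt. It assumes the operator supplies the Windows 11 build as a `build.revision` string; the function and enum names are hypothetical, and the CPUID bit position for VAES comes from the x86 CPUID definition rather than from the article.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

enum exposure { NO_VAES, OUT_OF_SCOPE, AT_RISK, FIXED_SLOW, FIXED };

/* VAES is reported in CPUID leaf 7, subleaf 0, ECX bit 9. */
int vaes_from_ecx(unsigned ecx) { return (int)((ecx >> 9) & 1u); }

/* Query the CPU this program runs on; non-x86 builds report no VAES. */
int cpu_has_vaes(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    if (__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return vaes_from_ecx(ecx);
#endif
    return 0;
}

/* Classify a Windows 11 "build.revision" string against the two builds
   the article names: 22000.778 (June fix) and 22000.795 (July fix). */
enum exposure classify(int has_vaes, const char *build) {
    int major = 0, rev = 0;
    if (!has_vaes) return NO_VAES;
    if (sscanf(build, "%d.%d", &major, &rev) != 2 || major != 22000)
        return OUT_OF_SCOPE;          /* e.g. Server 2022: no build given */
    if (rev < 778) return AT_RISK;    /* flawed VAES code paths in use */
    if (rev < 795) return FIXED_SLOW; /* safe, reduced crypto performance */
    return FIXED;
}

int main(int argc, char **argv) {
    static const char *label[] = { "no VAES, not affected",
        "build not covered here", "AT RISK: install June 2022 update",
        "fixed, slower crypto", "fixed" };
    const char *build = argc > 1 ? argv[1] : "22000.739"; /* constructed sample */
    printf("VAES on this CPU: %d\n", cpu_has_vaes());
    printf("%s -> %s\n", build, label[classify(cpu_has_vaes(), build)]);
    return 0;
}
```

Windows Server 2022 is reported as out of scope because the article gives no build numbers for it.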
