Microsoft has published a knowledge base article acknowledging an issue with accelerated encryption in the latest versions of Windows that can lead to data corruption. Microsoft recommends installing the June 2022 security update for Windows 11 and Windows Server 2022 “to prevent further damage,” but offers no suggestions for those who have lost data as a result of the issue.
The issue affects only recent computers and servers that support Vector Advanced Encryption Standard (VAES) instructions, which speed up cryptographic operations. Microsoft says affected systems use AES-XTS or AES-GCM “on new hardware.” As part of the AVX-512 instruction set, the VAES instructions are implemented in Intel’s Ice Lake, Tiger Lake, Rocket Lake, and Alder Lake architectures, which power some 10th-generation Core CPUs used in laptops and all 11th- and 12th-gen Core CPUs. AMD’s planned Zen 4 architecture also supports VAES; however, by the time those chips arrive in the autumn, the patches should have had ample time to spread.
Microsoft states that the issue resulted from the addition of “new code paths” to enable the latest encryption instructions in SymCrypt, the cryptographic function library in Windows. The code paths were introduced in the first release of Windows 11 and Windows Server 2022, which means that the issue should not affect older versions such as Windows 10 or Windows Server 2019.
The first fix for the issue, available in the June 2022 security updates (Windows 11 version 22000.778), prevents further damage, but at the cost of slower performance. This suggests that the original solution was to stop encryption acceleration on the affected processors. BitLocker-encrypted disks, Transport Layer Security (TLS) connections, and access to encrypted storage on servers will all be slower with the initial patch in place; however, August 2022’s security update (Windows 11 version 22000.795) should bring performance back to its prior level.
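To check a fleet against the conditions described above, the following added example (not from Microsoft or the original article) classifies inventory records by OS, CPU architecture and Windows 11 build. The record field names, status labels and sample hosts are assumptions made for illustration.

```python
# Field names, status labels and sample hosts are constructed for illustration.
VAES_ARCHS = {"ice lake", "tiger lake", "rocket lake", "alder lake", "zen 4"}
FIRST_FIX = (22000, 778)      # Windows 11 build that stops further damage
PERF_RESTORED = (22000, 795)  # Windows 11 build that restores performance

def parse_build(build):
    """'22000.778' -> (22000, 778); ValueError on anything else."""
    major, _, rev = build.strip().partition(".")
    if not (major.isdigit() and rev.isdigit()):
        raise ValueError(f"unrecognised build string: {build!r}")
    return int(major), int(rev)

def triage(host):
    """Classify one inventory record (dict) against the article's conditions."""
    os_name = host["os"].lower()
    if "windows 11" not in os_name and "server 2022" not in os_name:
        return "not-affected-os"
    if host["cpu_arch"].lower() not in VAES_ARCHS:
        return "no-vaes"
    if "server 2022" in os_name:
        # The article gives no Server 2022 build numbers, so do not guess.
        return "check-vendor-kb"
    try:
        build = parse_build(host["build"])
    except ValueError:
        return "unknown-build"
    # Assumption: builds order as (major, revision) tuples, so later
    # Windows 11 releases sort above the fixed 22000.x revisions.
    if build < FIRST_FIX:
        return "exposed"
    if build < PERF_RESTORED:
        return "patched-slow-crypto"
    return "patched"

INVENTORY = [  # constructed sample data
    {"host": "lt-01", "os": "Windows 11", "cpu_arch": "Tiger Lake", "build": "22000.675"},
    {"host": "lt-02", "os": "Windows 11", "cpu_arch": "Alder Lake", "build": "22000.778"},
    {"host": "lt-03", "os": "Windows 11", "cpu_arch": "Rocket Lake", "build": "22000.795"},
    {"host": "lt-04", "os": "Windows 11", "cpu_arch": "Comet Lake", "build": "22000.675"},
    {"host": "srv-01", "os": "Windows Server 2022", "cpu_arch": "Ice Lake", "build": "20348.740"},
    {"host": "ws-01", "os": "Windows 10", "cpu_arch": "Ice Lake", "build": "19044.1766"},
]

def report(inventory=INVENTORY):
    """Map each host name to its triage status."""
    return {h["host"]: triage(h) for h in inventory}

if __name__ == "__main__":
    for name, status in report().items():
        print(f"{name}: {status}")
```

Hosts reported as `exposed` are the ones where encrypted data written since deployment deserves an integrity check after patching, since the update only prevents further damage.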