Windows Devices with Newest CPUs are Susceptible to Data Damage
Microsoft has warned today that Windows devices with the newest supported processors are susceptible to “data damage” on Windows 11 and Windows Server 2022.
“Windows devices that support the newest Vector Advanced Encryption Standard (AES) (VAES) instruction set might be susceptible to data damage,” the company revealed today.
Devices affected by this newly acknowledged known issue use AES-XTS (AES XEX-based tweaked-codebook mode with ciphertext stealing) or AES-GCM (AES with Galois/Counter Mode) block cipher modes on new hardware.
While Microsoft mentions the data loss risks on affected systems, the company does not elaborate on what customers should expect if they’re hit by this issue.
Issue fixed in May and June Windows updates
Microsoft says the issue was addressed to prevent further data damage in preview and security releases issued on May 24 and June 14, respectively.
However, these Windows updates also come with a performance hit since AES-based operations might be two times (2x) slower after installing them on affected systems running Windows Server 2022 and Windows 11 (original release).
Scenarios impacted by the performance hit might include BitLocker, Transport Layer Security (TLS) (specifically load balancers), and disk throughput (especially for enterprise customers).
“We added new code paths to the Windows 11 (original release) and Windows Server 2022 versions of SymCrypt to take advantage of VAES (vectorized AES) instructions,” Microsoft said when describing the cause of the issue.
“SymCrypt is the core cryptographic library in Windows. These instructions act on Advanced Vector Extensions (AVX) registers for hardware with the newest supported processors.”
Workaround for the performance hit
Customers experiencing performance degradation are advised to install June 23 preview update (Windows 11, Windows Server 2022) or the July 12 security update (Windows 11, Windows Server 2022) for their OS version as a workaround.
Microsoft says these Windows updates will restore initial performance metrics once installed on affected devices.
“If this affects you, we strongly urge you to install the May 24, 2022 preview release or the June 14, 2022 security release, as soon as possible, to prevent further damage,” Microsoft added.
“Performance will be restored after you install the June 23, 2022 preview release or the July 12, 2022 security release.”