Windows 11 Encryption May Damage Data, Microsoft Says
Microsoft has detailed critical bugs in Windows 11 and Windows Server 2022. KB5017259 states that users of its modern operating systems may experience data corruption. The flaw appears to lie in the handling of the new data encryption hardware accelerators supported by AMD and Intel’s latest processors and used by apps like BitLocker. Thankfully, a fix is already available for both preview and release versions of Windows 11 and Windows Server 2022.
Microsoft confirms that a system is subject to the issue described in KB5017259 if its processor supports the newest Vector Advanced Encryption Standard (VAES) instruction set, specifically when it uses either of the following:
- AES XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS)
- AES with Galois/Counter Mode (GCM) (AES-GCM)
I did some research and found that the following modern PC processors support VAES: Intel Ice Lake, Tiger Lake, Rocket Lake, and the upcoming AMD Zen 4 architecture processors.
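To check whether a given host is in that group, the VAES capability can be read directly from CPUID. This is an added example, not code from Microsoft or from the original article; the function names and `FEAT_*` constants are illustrative, and the bit positions (AES-NI: leaf 1 ECX bit 25; VAES: leaf 7 subleaf 0 ECX bit 9) come from the Intel/AMD CPUID documentation rather than from this page.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(_MSC_VER) && (defined(_M_X64) || defined(_M_IX86))
#include <intrin.h>
#define HAVE_MSVC_CPUID 1
#elif defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_GNU_CPUID 1
#endif

#define FEAT_AESNI 0x1u /* CPUID.01H:ECX bit 25 */
#define FEAT_VAES  0x2u /* CPUID.(EAX=07H,ECX=0):ECX bit 9 */

/* Pure decoder, so the bit logic can be checked with constructed register values. */
unsigned decode_features(uint32_t leaf1_ecx, uint32_t leaf7_ecx)
{
    unsigned f = 0;
    if (leaf1_ecx & (1u << 25)) f |= FEAT_AESNI;
    if (leaf7_ecx & (1u << 9))  f |= FEAT_VAES;
    return f;
}

/* Reads ECX of leaves 1 and 7; returns 0 on success, -1 if the CPU is not x86
   or does not implement leaf 7 (in which case it cannot have VAES). */
int read_cpuid(uint32_t *leaf1_ecx, uint32_t *leaf7_ecx)
{
    *leaf1_ecx = *leaf7_ecx = 0;
#if defined(HAVE_MSVC_CPUID)
    int r[4];
    __cpuid(r, 0);
    if (r[0] < 7) return -1;
    __cpuid(r, 1);      *leaf1_ecx = (uint32_t)r[2];
    __cpuidex(r, 7, 0); *leaf7_ecx = (uint32_t)r[2];
    return 0;
#elif defined(HAVE_GNU_CPUID)
    unsigned a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return -1;
    *leaf1_ecx = c;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d)) return -1;
    *leaf7_ecx = c;
    return 0;
#else
    return -1;
#endif
}

int main(void)
{
    uint32_t l1, l7;
    if (read_cpuid(&l1, &l7) != 0) { puts("No CPUID leaf 7: no VAES"); return 0; }
    unsigned f = decode_features(l1, l7);
    printf("AES-NI: %d  VAES: %d\n", !!(f & FEAT_AESNI), !!(f & FEAT_VAES));
    if (f & FEAT_VAES) puts("VAES present: confirm the KB5017259 fixes are installed.");
    return 0;
}
```

A host that reports VAES is only a candidate; whether it was exposed still depends on the Windows version and update level described in KB5017259.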
Apparently Microsoft added new code paths to the SymCrypt library to support hardware acceleration of features like AES-XTS and AES-GCM on modern processors from AMD and Intel. However, implementation errors meant that written data could contain errors and could be corrupted or lost.
Microsoft doesn’t say what to do if you’ve already encountered this data corruption issue, but fixes and workarounds are in place. Customers on the preview release should get the May 24th release, and regular Windows users should get the June 14th security update.
Microsoft admits that its own medicine tastes bad. “After applying these updates, you may notice decreased performance for almost a month after installing them on Windows Server 2022 and Windows 11 (original release),” Microsoft said in its bulletin. Enterprise customers in particular should be aware of slowdowns in BitLocker, Transport Layer Security (TLS) (especially load balancers), and disk throughput, as apps and workloads that use encryption will be most noticeably affected.
If you see a significant performance impact (encryption may run almost half as fast as before), a further round of updates is available. Preview users can get the June 23rd preview update, and regular Windows 11 and Windows Server 2022 users can install the July 12th security update.
If any of our readers experienced data corruption due to the above implementation flaws, please share your experience in the comments.