Microsoft has detailed a critical bug in Windows 11 and Windows Server 2022. Due to the issues outlined in Knowledge Base (KB) article KB5017259, it says users of its latest desktop operating system may experience data corruption. There appears to be a vulnerability in the operation of the new hardware acceleration for data encryption, which is supported by the latest AMD and Intel processors and used by applications such as BitLocker. Thankfully, fixes are available for both preview and release versions of Windows 11 and Windows Server 2022.
Microsoft says affected systems will experience the issues described in KB5017259 if they have a processor that supports the newest Vector Advanced Encryption Standard (VAES) instruction set and use one of the following modes:
- AES XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS)
- AES with Galois/Counter Mode (GCM) (AES-GCM)
Checking around, we found that the following modern PC processors already support VAES: Intel Ice Lake, Tiger Lake and Rocket Lake, plus AMD's upcoming Zen 4 architecture processors.
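To check whether a particular machine's processor reports VAES, the CPUID instruction can be queried directly. The following is an added example, not code from Microsoft or from this article; the function and struct names are hypothetical, and the bit positions come from the Intel and AMD CPUID documentation rather than from KB5017259. It builds with GCC or Clang.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif
/* CPUID feature bits, per the Intel SDM and AMD APM (not taken from the KB). */
#define CPUID1_ECX_AESNI      (1u << 25) /* leaf 1, ECX: AES-NI */
#define CPUID7_ECX_VAES       (1u << 9)  /* leaf 7 subleaf 0, ECX: VAES */
#define CPUID7_ECX_VPCLMULQDQ (1u << 10) /* leaf 7 subleaf 0, ECX: vector carry-less multiply (GCM) */

struct aes_features { int aesni, vaes, vpclmulqdq; };

/* Decode raw register values; kept separate so it can be checked on any host. */
struct aes_features decode_aes_features(uint32_t leaf1_ecx, uint32_t leaf7_ecx)
{
    struct aes_features f;
    f.aesni      = (leaf1_ecx & CPUID1_ECX_AESNI) != 0;
    f.vaes       = (leaf7_ecx & CPUID7_ECX_VAES) != 0;
    f.vpclmulqdq = (leaf7_ecx & CPUID7_ECX_VPCLMULQDQ) != 0;
    return f;
}

/* Read the registers from the running CPU. Returns 0 on success, -1 if unavailable. */
int query_aes_features(struct aes_features *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c1 = 0, c7 = 0, d;
    if (!__get_cpuid(1, &a, &b, &c1, &d))
        return -1;
    if (!__get_cpuid_count(7, 0, &a, &b, &c7, &d))
        c7 = 0; /* leaf 7 absent: the CPU predates VAES */
    *out = decode_aes_features(c1, c7);
    return 0;
#else
    (void)out;
    return -1; /* not an x86 build */
#endif
}

int main(void)
{
    struct aes_features f;
    if (query_aes_features(&f) != 0) {
        puts("CPUID not available on this platform");
        return 1;
    }
    printf("AES-NI=%d VAES=%d VPCLMULQDQ=%d\n", f.aesni, f.vaes, f.vpclmulqdq);
    puts(f.vaes ? "VAES present: confirm the updates are installed" : "VAES absent");
    return 0;
}
```

A machine that reports VAES is only a candidate: whether it is affected still depends on running Windows 11 or Windows Server 2022 without the updates described in this article.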
What seems to have happened is that Microsoft added new code paths to its SymCrypt library for hardware acceleration on the latest AMD and Intel processors, with support for features like AES-XTS and AES-GCM. However, implementation errors mean that the data being written may contain errors, so the data ends up corrupted or lost.
Microsoft doesn't cover what to do if you have already suffered this data corruption, but it does have fixes and workarounds available. To prevent any (additional) data damage, users of the operating system's preview release should get the May 24 release, while general Windows users should get the June 14 security update.
Microsoft admits its medicine has an unpleasant taste

"After applying those updates, you may notice slower performance for almost a month after installing them on Windows Server 2022 and Windows 11 (original release)," Microsoft said in its news release. Applications and workloads that use encryption will suffer the most, so watch out for slowdowns in BitLocker, Transport Layer Security (TLS) (specifically load balancers) and disk throughput, especially for enterprise customers.
Those who observe a severe performance hit, meaning that code runs at almost half the speed it did before, can install further updates. Preview users can get the June 23 preview update, and regular Windows 11 and Windows Server 2022 users can install the July 12 security update.
If any readers experience data damage due to the above implementation errors, please share your experiences in the comments section.