Microsoft fixes Windows 11 encryption bug that can lead to corrupted data

[Tudor Cibean]

Why it matters: According to Microsoft, an encryption bug in older versions of Windows 11 and Windows Server 2022 could lead to data corruption on systems running Ice Lake, Tiger Lake, or Rocket Lake CPUs. The company fixed the problem a few months ago through a patch that introduced performance penalties, with the newest updates returning encryption speed to normal.

Microsoft has acknowledged a severe bug in Windows 11 and Windows Server 2022 that results in data damage for devices equipped with processors supporting the newest Vector Advanced Encryption Standard (VAES) instruction set.

Only newer CPU generations support VAES instructions, including Ice Lake, Tiger Lake, Rocket Lake, and AMD's upcoming Zen 4. You can also manually enable them on early Alder Lake processors on certain motherboards, although Intel has physically fused off AVX-512 entirely in newer CPU revisions.

Microsoft claims the problem stems from the new code paths added to SymCrypt (Windows's core cryptographic function library) that take advantage of VAES instructions. Specifically, the affected machines use either AES XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS) or AES with Galois/Counter Mode (GCM) (AES-GCM).

The company initially addressed the data corruption issue in the May 24 preview release and the June 14 security update. However, these patches introduced a massive performance penalty for AES-based operations, with some functions reportedly taking twice as long. In Microsoft's testing, slowdowns occurred in Bitlocker and the Transport Layer Security (TLS) protocol, with disk throughput also affected, especially for enterprise customers.

Fortunately, Microsoft's newest updates resolve these performance regressions. Users can receive the new patches automatically via Windows Update or download them directly from Microsoft's Update Catalog.

Windows 11 used to have another issue that led to degraded SSD performance. Microsoft's first patch only fixed the problem for some people, and it took several months for the company to release an update that restored disk performance to normal levels for everyone. Some Windows 11 PCs also come with Virtualization-based Security (VBS) enabled by default, which has a significant performance impact in some scenarios, most notably gaming.

Permalink to story.

https://www.techspot.com/news/95572-microsoft-fixes-windows-11-encryption-bug-can-lead.html

 

[psycros]

Windows 11 is Vista 2.0. All looks, no substance and harder to use than what came before.

 

[VaRmeNsI]

I'll just wait for Windows 12...

 

[punctualturn]

Windows 11 is Vista 2.0. All looks, no substance and harder to use than what came before.

I have to say, personally, I didn't had any issues with Vista, except getting used to the crazy UAC prompts.

W11 on the other hand is such a mess, UI/usability wise.

 

[Dimitrios]

W11 The new "Crysis."

 

[texasrattler]

So the last sentence in the article, is vbs still a issue in gaming? I thought MS released the patch for that months ago.

 

[Kam7r]

Personally I always wait at least 1 year after a new windows come out to even considering upgrading just to avoid this kind of thing...

 

[MarkHughes]

I used Windows 11 for quite a while, But had to switch my Windows partition back to 10, 11 Seems sluggish and it feels like nothing is quite as smooth from games to coding...

I feel like it has a lot of maturing to do before I try again, This bug is one of many problems (Including the garbage start menu)

 

[Irata]

In hindsight, Intel probably regrets tying Alder Lake to Win 11. Might have seemed like a great idea (combined marketing effort) at first, seeing how they and MS could do a combined marketing push.

I mean, who doesn‘t like being a hardware and software beta tester at the same time (excluding P core only ADL here) ?

 

[Hardware Geek]

I realize it uses new instructions not present on previous architectures, but find it quite funny that older processors didn't have this problem. Yet Microsoft, seemingly arbitrarily, won't let you install it on computers running processors older than 8th gen, but doesn't seem to actually care if you bypass the "minimum" requirements.

 

[Uncle Al]

MicroSludge does it again!

 

[TheBigFatClown]

So, the bug only affects those with Intel CPUs.....that's interesting. Im glad my last 3 purchases have all been AMD Ryzen series...true to the name. Still, even though I'm not affected personally it does bring down my confidence in the things I have to read and hear about. While the UI is completely confusing in Windows 11, I'll have to admit, I think there are a lot of good things about it also.
My day to day use seems unaffected mostly for most games and applications. Even the ICS works but it's very specific about when it wants to work and when it doesnt.
In other words, all the stars have to be in alignment for it to work and I havent figured out that pattern just yet.

 

[Gezzer]

In hindsight, Intel probably regrets tying Alder Lake to Win 11. Might have seemed like a great idea (combined marketing effort) at first, seeing how they and MS could do a combined marketing push.

I mean, who doesn‘t like being a hardware and software beta tester at the same time (excluding P core only ADL here) ?

If I'm not mistaken they had no choice. The scheduler with all the previous windows versions couldn't properly utilize the new big/little core design. It's a bit more complicated making sure that each core is running threads that take advantage of it's capabilities. Could M$ of back ported the Win11 scheduler to Win10? Maybe. Since Vista, M$ has designed a lot of the system components so they're tied to a certain kernel, like DirectX for example. It's why Vista had so many teething issues, and why you can't upgrade Win7 to DX12. So it might be impossible to do.

 

[lazer]

Micro$lop is not a tech company, it is a hard driven sales company that sell tech products that are second rate and expensive.

 

[Hodor]

That bug in Windows 11 that causes loss of data actually has a name. It's called "Windows 11".