A security flaw in Windows 11 and Server 2022 might “damage” data on more recent devices

Microsoft has acknowledged, in a Knowledge Base article, an issue with hardware-accelerated encryption in the latest versions of Windows that might result in data damage. To prevent further damage, Microsoft recommends installing the June 2022 security updates for Windows 11 and Windows Server 2022; it offers no remedy, however, for anyone whose data has already been corrupted by the flaw.

Only PCs and servers whose processors implement the Vector Advanced Encryption Standard (VAES) instructions, which speed up AES by processing several blocks per instruction, are affected. According to Microsoft, the damage can occur when AES-XTS (the mode used by BitLocker and other disk encryption) or AES-GCM (the mode used by TLS and other protocols) is run "on new hardware" that supports VAES. VAES is a separate instruction-set extension that first shipped alongside AVX-512 rather than being part of AVX-512 itself, which is why 12th-generation Intel Core chips support it even with AVX-512 disabled; it is found in some 10th- and 11th-generation Intel Core laptop processors and in all 11th- and 12th-generation Intel Core processors. AMD's Zen 4 architecture, due this autumn, will also support VAES, although the fixes will be widely available by then.
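The first question a practitioner has is whether a given machine is even in the affected population, which comes down to one CPUID bit. The program below is an added example, not code from the article or from Microsoft: it reads the documented CPUID feature bits for AES-NI, VAES and VPCLMULQDQ (the vector carry-less multiply that VAES-class AES-GCM implementations pair with it) using the GCC/Clang `<cpuid.h>` helpers, and reports whether the CPU takes the VAES path that the flaw concerns. The decode functions are kept separate from the CPUID query so the bit positions can be checked on constructed register values. The bit positions are the ones documented in the Intel and AMD CPUID references; the function and struct names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang helpers around the CPUID instruction */
#endif

/* CPUID feature-bit positions (Intel SDM vol. 2, CPUID instruction). */
#define CPUID1_ECX_AESNI       25u  /* leaf 1, ECX: 128-bit AES-NI (the older SymCrypt path) */
#define CPUID7_ECX_VAES         9u  /* leaf 7 sub-leaf 0, ECX: VAES, 256/512-bit vector AES */
#define CPUID7_ECX_VPCLMULQDQ  10u  /* leaf 7 sub-leaf 0, ECX: vector carry-less multiply (GHASH) */

/* Pure decoders so the bit logic can be exercised on constructed register values. */
bool decode_aesni(uint32_t leaf1_ecx)      { return (leaf1_ecx >> CPUID1_ECX_AESNI) & 1u; }
bool decode_vaes(uint32_t leaf7_ecx)       { return (leaf7_ecx >> CPUID7_ECX_VAES) & 1u; }
bool decode_vpclmulqdq(uint32_t leaf7_ecx) { return (leaf7_ecx >> CPUID7_ECX_VPCLMULQDQ) & 1u; }

struct aes_caps { bool aesni, vaes, vpclmulqdq; };

/* Query the running CPU. On non-x86 builds every flag is reported as false. */
struct aes_caps query_aes_caps(void) {
    struct aes_caps caps = { false, false, false };
#if defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    unsigned max_leaf = __get_cpuid_max(0, NULL);  /* highest basic leaf supported */
    if (max_leaf >= 1) {
        __cpuid_count(1, 0, eax, ebx, ecx, edx);
        caps.aesni = decode_aesni(ecx);
    }
    if (max_leaf >= 7) {
        __cpuid_count(7, 0, eax, ebx, ecx, edx);
        caps.vaes = decode_vaes(ecx);
        caps.vpclmulqdq = decode_vpclmulqdq(ecx);
    }
#endif
    return caps;
}

/* Per Microsoft's description, only VAES-capable CPUs reach the new code paths. */
bool cpu_in_affected_population(struct aes_caps caps) { return caps.vaes; }

int main(void) {
    struct aes_caps caps = query_aes_caps();
    printf("AES-NI:     %s\n", caps.aesni ? "yes" : "no");
    printf("VAES:       %s\n", caps.vaes ? "yes" : "no");
    printf("VPCLMULQDQ: %s\n", caps.vpclmulqdq ? "yes" : "no");
    if (cpu_in_affected_population(caps))
        puts("VAES present: make sure Windows 11 / Server 2022 has the June 2022 update or later.");
    else
        puts("No VAES: this CPU stays on the older AES-NI path and is outside the affected set.");
    return 0;
}
```

Two caveats when using this: a hypervisor may mask VAES from a guest's CPUID, so a VM can report "no" on a host that has it, and the CPU flag only says which code path SymCrypt can take; whether data is at risk also depends on the OS being Windows 11 or Server 2022 without the June 2022 update, which this program does not check.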

The issue was introduced when Microsoft added "new code paths" to SymCrypt, Windows' core cryptographic library, to take advantage of the VAES instructions.

Those code paths first shipped in Windows 11 and Windows Server 2022, so earlier versions such as Windows 10 and Windows Server 2019 should not be affected.

Microsoft's initial fix, shipped in the June 2022 security update (Windows 11 build 22000.778), appears to have been simply to disable the VAES code paths on the affected CPUs: it prevents further damage but costs performance, since AES work falls back to slower routines. Windows 11 build 22000.795 (the July 2022 security update), installed on top of the first patch, should restore performance to its previous level for BitLocker-encrypted disks, TLS connections, and access to encrypted storage on servers. Neither update repairs data that was already damaged.