Windows 11 users with the latest CPUs at risk of losing their data

Windows 11
(Image credit: 123RF)

Windows 11 and Windows Server 2022 users whose devices run on some of the newest processors are at risk of losing their data, Microsoft has warned.

"Windows devices that support the newest Vector Advanced Encryption Standard (AES) (VAES) instruction set might be susceptible to data damage," the company said in its warning.

It was explained that the devices affected by this problem use either AES-XTS, or AES-GCM block cipher modes. Microsoft did not say how the flaw manifests itself and how would users know if they were affected. It did say that it fixed the issue with software patches that it released on May 24 and June 14. 

Workarounds

The fixes do come with quite a large caveat, with some reports claiming they will slow the endpoints severely, with AES-based operations possibly twice as slow as before applying the patch. 

Apparently, BitLocker, Transport Layer Security (TLS) (specifically load balancers), and disk throughput (for enterprise customers, mostly) are most affected.

"We added new code paths to the Windows 11 (original release) and Windows Server 2022 versions of SymCrypt to take advantage of VAES (vectorized AES) instructions," Microsoft said. "SymCrypt is the core cryptographic library in Windows. These instructions act on Advanced Vector Extensions (AVX) registers for hardware with the newest supported processors."

If the performance issue hits your endpoints too hard, Microsoft recommends installing the June 23 preview update (Windows 11, Windows Server 2022) or the July 12 security update (Windows 11, Windows Server 2022), as these should restore initial performance metrics.

"If this affects you, we strongly urge you to install the May 24, 2022 preview release or the June 14, 2022 security release, as soon as possible, to prevent further damage," Microsoft concluded. "Performance will be restored after you install the June 23, 2022 preview release or the July 12, 2022 security release."

Data loss, be it through disaster, or theft, is a major challenge for organizations nowadays, which is why experts recommend making sure all data is backed up, and the backups are regularly tested. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.