Windows 11-enabled CPUs with VAES are vulnerable to data corruption

Since Windows 11 first came out, more people have embraced it, despite initial reluctance to make the change.

While your average user still prefers using Windows 10 every day, Microsoft has put in a lot of effort to transform Windows 11 into the stable experience it is today.

When the latest operating system was first released last summer, users were frustrated due to the stringent system requirements to run it.

At the time, only modern processors from AMD and Intel were supported as they were said to have enhanced security support compared to previous generation CPUs.

Of course, we’re talking about Intel 7th Generation Kaby Lake and AMD Zen (Ryzen 1000) or older processors, to avoid confusion.

However, even though the Windows 11 operating system is now more reliable, that doesn’t mean it’s 100% problem-free, as you’ll see later.

Microsoft acknowledges VAES CPU issue via KB5017259

Nonetheless, the Redmond tech giant discovered that supported CPUs with vectorized AES (VAES) instructions are having issues.

Microsoft says such Windows 11 and Windows Server devices are vulnerable to data corruption because the Advanced Encryption Standard (AES) directives are designed to speed up data encryption and any errors in them are bound to adversely affect device data.

Windows devices that support the latest Vector Advanced Encryption Standard (AES) (VAES) instruction set may be vulnerable to data corruption.

The affected Windows devices mentioned in Microsoft's statement actually use one of the following on new hardware:

• AES-based XEX with ciphertext stealing Adjusted Codebook Mode (AES-XTS)
• AES with Galois/Counter Mode (GCM) (AES-GCM)

Based on symptoms, Microsoft says that during installation AES-based operations may be twice as slow after the May 24, 2022 Preview or June 14, 2022 Security Windows update.

Apparently, this is because the tech giant added new code paths for Windows 11 (original) and Windows Server 2022 versions of SymCrypt to take advantage of VAES (vectorized AES) instructions.

Some of you may already know that SymCrypt is the core cryptography library in Windows. These instructions operate on the Advanced Vector Extensions (AVX) registers of hardware with the latest supported processors.

Here’s some good news, that is, Microsoft has already fixed this issue with previous Windows updates KB5014746 and KB5014019.

As a result, affected users can expect to experience performance impacts on BitLocker, TLS, and disk throughput when installing the workaround update.

Microsoft has not yet provided an official list of affected CPUs, but as far as we know, Intel CPUs starting with the 10th generation Ice Lake 10nm mobile chips are affected.

These are actually the first CPUs to debut VAES instructions in the new Sunny Cove design.

How can I solve this problem?

Install the June 23, 2022 preview for your operating system:

• Windows 11 (Original) – KB5014668
• Windows Server 2022 – KB5014665

Another option offered by the Redmond-based tech giant is shown below and is an alternative to the one above.

Install the July 12, 2022 security build for your operating system:

• Windows 11 (Original) – KB5015814
• Windows Server 2022 – KB5015827

Some of you may remember that this isn’t even the first time users have encountered performance issues with supported Windows 11 processors.

Last year, it was revealed that Virtualization-Based Security (VBS) was severely impacting gaming even on supported chips.

We will see what the future holds for us, but keep in mind that Windows 11 is still a young operating system and it can still have many issues.

The above is the detailed content of Windows 11-enabled CPUs with VAES are vulnerable to data corruption. For more information, please follow other related articles on the PHP Chinese website!