Microsoft fixes Windows 11 encryption bug that can lead to corrupted data
Only some CPU series were affected
By Tudor Cibean
Why it matters: According to Microsoft, an encryption bug in older versions of Windows 11 and Windows Server 2022 could lead to data corruption on systems running Ice Lake, Tiger Lake, or Rocket Lake CPUs. The company fixed the problem a few months ago through a patch that introduced performance penalties, with the newest updates returning encryption speed to normal.
Microsoft has acknowledged a severe bug in Windows 11 and Windows Server 2022 that results in data damage for devices equipped with processors supporting the newest Vector Advanced Encryption Standard (VAES) instruction set.
Only newer CPU generations support VAES instructions, including Ice Lake, Tiger Lake, Rocket Lake, and AMD's upcoming Zen 4. You can also manually enable them on early Alder Lake processors on certain motherboards, although Intel has physically fused off AVX-512 entirely in newer CPU revisions.
Microsoft claims the problem stems from new code paths added to SymCrypt (the core cryptographic library in Windows) that take advantage of VAES instructions. Specifically, the affected machines use either AES in XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS) or AES in Galois/Counter Mode (AES-GCM).
The company initially addressed the data corruption issue in the May 24 preview release and the June 14 security update. However, these patches introduced a massive performance penalty for AES-based operations, with some functions reportedly taking twice as long. In Microsoft's testing, slowdowns occurred in BitLocker and the Transport Layer Security (TLS) protocol, with disk throughput also affected, especially for enterprise customers.
Fortunately, Microsoft's newest updates resolve these performance regressions. Users can receive the new patches automatically via Windows Update or download them directly from Microsoft's Update Catalog.
Windows 11 used to have another issue that led to degraded SSD performance. Microsoft's first patch only fixed the problem for some people, and it took several months for the company to release an update that restored disk performance to normal levels for everyone. Some Windows 11 PCs also come with Virtualization-based Security (VBS) enabled by default, which has a significant performance impact in some scenarios, most notably gaming.