Microsoft has revealed a new bug in the Windows 11 and Windows Server 2022 operating systems that affects the latest Intel and AMD CPUs. The bug is related to encryption on these operating systems, and it affects processors outfitted with the AES/VAES (Vector Advanced Encryption Standard) instruction sets.
Microsoft Confirms New Encryption Bug Could Damage Data on Latest AMD & Intel CPUs With VAES Instructions, Patch To Reduce Performance
While AMD and Intel CPUs are the highlight, virtually any PC whose processor supports these instructions and that uses either of the following is affected and susceptible to data damage:
- AES XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS)
- AES with Galois/Counter Mode (GCM) (AES-GCM)
As for the list of CPUs affected by this bug, it includes Intel CPUs starting with the 10th Gen Ice Lake and above, Ice Lake-SP Xeon Scalable processors for servers, and AMD CPUs starting with the Zen 3 lineup plus the upcoming Zen 4 chips. For Zen 3, both the non-V-Cache and 3D V-Cache parts are affected. Alder Lake and Raptor Lake CPUs don't officially support VAES, but it can be enabled on some motherboards with custom BIOS firmware.
- AMD CPUs Affected: Ryzen 5000, Ryzen 5000X3D, EPYC Milan, EPYC Milan-X, EPYC Genoa
- Intel CPUs Affected: Ice Lake, Tiger Lake, Alder Lake (Partial), Raptor Lake (Partial), Ice Lake-SP, Sapphire Rapids-SP
AES-based operations might be two times (2x) slower after installing the Windows update for the May 24, 2022 preview release or the June 14, 2022 security release.
The bug was introduced when Microsoft added new code paths to the Windows 11 and Windows Server 2022 versions of SymCrypt to take advantage of the VAES instructions offered by the latest CPUs. SymCrypt is the core cryptographic library in Windows. These instructions act on Advanced Vector Extensions (AVX) registers for hardware with the newest supported processors.
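An added example, not from Microsoft or the original article: a small C program for checking whether a CPU advertises VAES and AVX, the features the new SymCrypt code paths rely on. It assumes GCC or Clang on x86 (`<cpuid.h>`), the function names are illustrative, and it reports CPU capability only, not the Windows build or installed updates.

```c
/* Added example: does this CPU advertise VAES (and the AVX registers it uses)? */
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang helper; MSVC would use __cpuidex from <intrin.h> */
#endif

enum { HAS_AESNI = 1, HAS_AVX = 2, HAS_VAES = 4 };

/* Decode feature bits from CPUID.1:ECX and CPUID.(EAX=7,ECX=0):ECX. */
unsigned decode_features(uint32_t leaf1_ecx, uint32_t leaf7_ecx)
{
    unsigned f = 0;
    if (leaf1_ecx & (1u << 25)) f |= HAS_AESNI;  /* AES-NI */
    if (leaf1_ecx & (1u << 28)) f |= HAS_AVX;    /* AVX */
    if (leaf7_ecx & (1u << 9))  f |= HAS_VAES;   /* VAES */
    return f;
}

/* A vectorised AES path needs both VAES and AVX. */
int vaes_path_possible(unsigned f)
{
    return (f & HAS_VAES) && (f & HAS_AVX);
}

/* Read the real registers; returns 0 when CPUID is unavailable (non-x86). */
unsigned read_cpu_features(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c1 = 0, c7 = 0, d;
    if (!__get_cpuid(1, &a, &b, &c1, &d)) return 0;
    if (!__get_cpuid_count(7, 0, &a, &b, &c7, &d)) c7 = 0;
    return decode_features(c1, c7);
#else
    return 0;
#endif
}

int main(void)
{
    unsigned f = read_cpu_features();
    printf("AES-NI=%d AVX=%d VAES=%d\n",
           !!(f & HAS_AESNI), !!(f & HAS_AVX), !!(f & HAS_VAES));
    puts(vaes_path_possible(f)
         ? "CPU advertises VAES: verify the OS patch level"
         : "CPU does not advertise VAES");
    return 0;
}
```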
However, these code paths opened up a vulnerability that could lead to permanent data damage. There is already a resolution and workaround, which is to install the June 23, 2022 preview release for the aforementioned operating systems, but Microsoft reports that after applying the new update, PCs will see slower performance (up to 2x slower) in areas such as:
- Transport Layer Security (TLS) (specifically load balancers)
- Disk throughput, especially for enterprise customers
Microsoft states that users will have to wait a month for a proper patch to be rolled out; until then, the only workaround to avoid data damage is to switch to the lower performance of the older update.
Install the June 23, 2022 preview release for your OS; see below:
Install the July 12, 2022 security release for your OS; see below:
News Source: WindowsReport