Microsoft announced this week that Windows 11 PCs using CPUs that support the latest Vector Advanced Encryption Standard (VAES) instruction set may experience data corruption issues. The price of the patch is a reduction in PC performance. Fortunately, Microsoft has released another Windows update to solve the slow performance.
Microsoft pointed out that if the CPU of Windows 11 PC or Windows Server 2022 supports AES-XTS (AES XEX-based tweaked-codebook mode with ciphertext stealing) or AES-GCM (AES with Galois/Counter Mode) one of the instruction sets, then The machine will be affected.
In fact, almost all the latest Windows machines with new Intel CPUs are affected. VAES is part of the Intel VAX512 instruction set. Some modern CPUs, including Intel Ice Lake, Tiger Lake, Rocket Lake, and Alder Lake, as well as AMD’s upcoming Zen 4 architecture, also support VAES instructions.
In fact, Microsoft has added patches to the Windows 11 update preview released on May 24 this year, and the June 14 security update to avoid “further corruption” of data. But it comes at a price: Microsoft says users will notice slower performance in some cases nearly a month after installation. There are three cases: including the use of BitLocker, TLS (especially when load balancing is enabled), and disk transfer, the latter especially seen by enterprise users. In the above scenario the AES operation becomes 2x slower, which means the performance is halved.
Microsoft explained that this is because, in order to make good use of VAES instructions, Microsoft has added a new code path to the SymCypt component of Windows 11 (original version) and Windows Server 2022 version. SymCrypt is a Windows cryptography library. Fortunately, Microsoft said that performance will resume after installing the June 23 preview version of the Windows 11 update, or the July 12 security update.
However, while the latest update mitigates the performance drop, previously corrupted data cannot be restored.
Since Microsoft’s updates are all on Windows 11 or Server 2022, users of Windows 10 or Windows Server 2019 systems should not need to worry about this problem.
This is the latest bug related to the Intel VAX 512 instruction set. The latest version of OpenSSL 3.0.4 released in June has a memory corruption bug related to the Intel AVX512 instruction set, forcing installed users to remove it in order to prevent it from being exploited by hackers. Soon after, the maintenance unit released OpenSSL version 3.0.5 to solve this problem.