[German]Windows systems (Windows 11, Windows Server 2022) that uses CPUs with support of latest Vector Advanced Encryption Standard (AES) (VAES) command set may be vulnerable to data corruption. That's the simple message Microsoft released to its user base on August 8, 2022. All Windows 11 systems as well as Windows Server 2022 seem to be affected.
Advertising
Support article KB5017259 (Windows 11/Server 2022)
There is a support post KB5017259 from Microsoft titled Windows devices that have the newest supported processors might be susceptible to data damage, which rehashes the whole thing. The article states:
Windows devices that support the latest Vector Advanced Encryption Standard (AES) (VAES) instruction set may be susceptible to data damage.
The warning applies to Windows 11 clients as well as Windows Server 2022. Affected Windows systems uses the following features on new hardware:
- AES XEX-based tweaked codebook mode with ciphertext stealing (AES-XTS)
- AES with Galois/Counter Mode (GCM) (AES-GCM)
Microsoft has been aware of this issue for some time and, in order to prevent further data corruption, has provided a fix in the May 24, 2022 preview updates (Windows 11: Preview Update KB5014019 (May 24, 2022)) and with the June 14, 2022 security updates (Patchday: Windows 11/Server 2022 Updates (June 14, 2022)). So all is well?
Especially the June 2022 updates attracted attention because of numerous problems. I had addressed the various bugs in several blog posts (see link list at the end of the article). But there seems to be another problem.
Performance losses with the updates?
Microsoft hints at performance issues related to these updates (AES-based features are 2X slower after installing the Windows updates) in its support post KB5017259 and writes::
Advertising
After applying these updates, you may experience slower performance for almost a month after installation on Windows Server 2022 and Windows 11 (original version).
Background is that Microsoft in Windows 11 and Windows Server 2022 to use a code complement for SymCrypt. SymCrypt is the core cryptographic library in Windows. The new instructions in the code affect Advanced Vector Extensions (AVX) registers for hardware with the latest supported processors. However, the attempt to take advantage of the VAES (vectorized AES) instructions did not work out, but resulted in performance degradation. Scenarios where performance degradation can occur include:
- BitLocker
- Transport Layer Security (TLS) (especially load balancers)
- Disk-Durchsatz (especially for enterprise customers)
So, anyone who has installed the May 2022 preview updates in question or the June 2022 security updates and is experiencing performance degradation is affected.
According to my current estimation, the (performance) problems mentioned in the post Windows Server 2019: Update KB5015811 causes (performance) problems are not related to the above issue, as thisaffects Windows Server 2019.
Fixes available
According to Microsoft, the problem has been fixed in the meantime by the preview updates from June 2022 and the security update from July 2022. So if you are affected, please install the following updates:
- Windows 11: KB5014668 (Preview update June 23, 2022)
- Windows Server 2022: KB5014665 (Preview update June 23, 2022)
- Windows 11: KB5015814 (Security update July 12, 2022)
- Windows Server 2022: KB5015827 (Security update July 12, 2022)
Since the code for the preview updates is included in the security updates, installing the July 2022 security updates is sufficient. (via)
Similar articles
Patchday: Windows 10-Updates (June 14, 2022)
Patchday: Windows 11/Server 2022 Updates (June 14, 2022)
June 2022 patch day review: Windows update issues, Intel vulnerability, documentation fails
June 2022 Patchday issues (part 2): RDP, VPN, WLAN, hotspot connection and more
Windows 11: Preview Update KB5014019 (May 24, 2022)
June 2022 updates: Issues with RDP on Windows, BlackBerry UEM BSCP as cause?
Patchday: Windows 11/Server 2022-Updates (12. Juli 2022)
