Microsoft has published details of a problem with encryption acceleration in the latest versions of Windows that could lead to data corruption.
The company recommends installing the June 2022 security updates for Windows 11 and Windows Server 2022 "to prevent further damage," though there are no recommended solutions for anyone who has already lost data due to the bug.
The issues only affect relatively recent computers and servers that support Vector Advanced Encryption Standard (VAES) instructions to accelerate cryptographic operations.
Microsoft says affected systems use AES-XTS or AES-GCM instructions "on new hardware." Part of the AVX-512 instruction set, VAES instructions are supported by Intel's Ice Lake, Tiger Lake, Rocket Lake, and Alder Lake architectures, which power some 10th-generation Core CPUs for laptops as well as all 11th- and 12th-generation Core CPUs.
AMD's upcoming Zen 4 architecture also supports VAES, although by the time those chips are released in the fall, patches will have been released.
Microsoft says the problem was caused when it added "new code paths" to support encryption instructions in SymCrypt, Windows' library of cryptographic functions. These paths were added in the original version of Windows 11 and Windows Server 2022, so the problem should not affect older versions such as Windows 10 or Windows Server 2019.
The initial fix for the problem, provided in the June 2022 Windows security update package (Windows 11 build 22000.778), will prevent further damage but will come at the cost of reduced performance. This means the initial fix completely disables encryption acceleration on these processors.
Using BitLocker-encrypted drives or Transport Layer Security (TLS) will be slower with the first update installed, although installing the July 2022 security updates (Windows 11 build 22000.795) should restore performance.
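The build numbers above can be turned into a fleet triage check; the following is an added example, not code from Microsoft or from the original article. The CSV layout, host names and the `cpu_has_vaes` column are assumptions, and any build line other than 22000 (including Windows Server 2022) is left unclassified because the article gives no revision numbers for it.

```python
import csv
import io

WIN11_BUILD = 22000  # build line the article's revision numbers belong to
JUNE_FIX = 778       # 22000.778: stops further damage, crypto acceleration off
JULY_FIX = 795       # 22000.795: performance restored

# Constructed inventory; hosts, builds and the cpu_has_vaes column are made up.
SAMPLE_INVENTORY = """host,os_build,cpu_has_vaes
lap-01,10.0.22000.675,yes
lap-02,10.0.22000.778,yes
lap-03,22000.795,yes
lap-04,10.0.22000.675,no
lap-05,10.0.99999.1,yes
lap-06,unknown,yes
"""


def classify(os_build, has_vaes):
    """Map one host to a status using only the thresholds the article gives."""
    parts = os_build.strip().split(".")
    try:
        build, revision = int(parts[-2]), int(parts[-1])
    except (IndexError, ValueError):
        return "unparsed-build"
    if not has_vaes:
        # The article limits the bug to CPUs with VAES instructions.
        return "not-affected-no-vaes"
    if build != WIN11_BUILD:
        return "no-threshold-in-article"
    if revision < JUNE_FIX:
        return "exposed-install-june-2022-update"
    if revision < JULY_FIX:
        return "protected-slower-encryption"
    return "protected-performance-restored"


def triage(inventory_csv):
    """Return {host: status} for every row of a CSV inventory export."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {
        r["host"]: classify(r["os_build"], r["cpu_has_vaes"].strip().lower() == "yes")
        for r in rows
    }


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as `exposed-install-june-2022-update` are the ones to patch first, since the article notes there is no recommended recovery for data already corrupted.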