Windows 11 Encryption Bug Could Cause Data Loss, Temporary Slowdowns On Newer PCs (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Microsoft has published a knowledge base article acknowledging a problem with encryption acceleration in the newest versions of Windows that could result in data corruption. The company recommends installing the June 2022 security updates for Windows 11 and Windows Server 2022 "to prevent further damage," though there are no suggested solutions for anyone who has already lost data because of the bug.
The problems only affect relatively recent PCs and servers that support Vector Advanced Encryption Standard (VAES) instructions for accelerating cryptographic operations. Microsoft says affected systems use AES-XTS or AES-GCM instructions "on new hardware." Part of the AVX-512 instruction set, VAES instructions are supported by Intel's Ice Lake, Tiger Lake, Rocket Lake, and Alder Lake architectures -- these power some 10th-generation Core CPUs for laptops, as well as all 11th- and 12th-gen Core CPUs. AMD's upcoming Zen 4 architecture also supports VAES, though by the time these chips are released in the fall, the patches will have had plenty of time to proliferate. Microsoft says that the problem was caused when it added "new code paths" to support the updated encryption instructions in SymCrypt, Windows' cryptographic function library. These code paths were added in the initial release of Windows 11 and Windows Server 2022, so the problem shouldn't affect older versions like Windows 10 or Windows Server 2019.
The initial fix for the problem, provided in Windows' June 2022 security update package (Windows 11 build 22000.778), will prevent further damage at the cost of reduced performance, suggesting that the initial fix was to disable encryption acceleration on these processors entirely. Using BitLocker-encrypted disks or the Transport Layer Security (TLS) protocol or accessing encrypted storage on servers will all be slower with the first patch installed, though installing the July 2022 security updates (Windows 11 build 22000.795) should restore performance to its previous level.
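A triage check built from the details in the summary above, added here as an example (not code from Microsoft, Ars Technica or the original post): it reads the VAES feature bit from CPUID and maps a Windows 11 original-release build string onto the June (22000.778) and July (22000.795) thresholds. It assumes GCC or Clang on x86 for `<cpuid.h>`; the function names and the sample build 22000.675 are constructed for illustration, and Windows Server 2022 is left unclassified because the summary gives no build numbers for it.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Triage states, using only the Windows 11 build numbers quoted above. */
enum triage { NOT_AFFECTED, AT_RISK, FIXED_SLOW, FIXED_FULL, NOT_COVERED, PARSE_ERROR };

/* VAES is reported in CPUID leaf 7, subleaf 0, ECX bit 9.
 * Returns 1 if present, 0 if absent, -1 if it cannot be queried here. */
int cpu_has_vaes(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return -1;
    return (int)((ecx >> 9) & 1u);
#else
    return -1;
#endif
}

/* build: "build.revision" as winver shows it, e.g. "22000.778".
 * has_vaes: 0 = CPU lacks VAES; any other value (including unknown) is
 * treated as present, so an unverified machine is never reported as safe. */
enum triage classify(const char *build, int has_vaes)
{
    unsigned int major, rev;
    char tail;
    if (!build || sscanf(build, "%u.%u%c", &major, &rev, &tail) != 2)
        return PARSE_ERROR;
    if (major != 22000) return NOT_COVERED;  /* other releases: no build numbers on the page */
    if (!has_vaes)      return NOT_AFFECTED;
    if (rev < 778)      return AT_RISK;      /* before the June 2022 update */
    if (rev < 795)      return FIXED_SLOW;   /* June fix: protected, reduced performance */
    return FIXED_FULL;                       /* July 2022 update or later */
}

int main(void)
{
    static const char *label[] = { "not affected", "at risk", "fixed, slower",
                                   "fixed, full speed", "not covered", "unparseable" };
    const char *samples[] = { "22000.675", "22000.778", "22000.795" }; /* constructed */
    int vaes = cpu_has_vaes();
    printf("VAES on this CPU: %d\n", vaes);
    for (int i = 0; i < 3; i++)
        printf("%s -> %s\n", samples[i], label[classify(samples[i], vaes)]);
    return 0;
}
```

Either "fixed" result only means further damage is prevented; as the summary notes, data written by an affected system before the update is not repaired by installing it.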
Re:Make an OS that EVEN fools can use... (Score:2)
sed
Typical Microsoft (Score:1)
Ok long as the start menu ads still work (Score:3)
"old" pc here ... (Score:3)
... happily w11-free!
Re: (Score:3)
Re: (Score:2)
Old Windows? Sounds like you have all sorts of other problems. The difference is no one will publish you any knowledge base articles or patches for them.
So crappy testing (Score:2)
No surprise, Win11 is (again) an attempt by Microsoft to find out how cheaply and crappily they can make things before customers complain.
Re: (Score:2)
Re: (Score:2)
How do you know it's crappy?
Because they have finished their long research into trusted computing, locking down the internet, and changing how exe's work from now on to kill piracy, piracy over the next 20 years will slowly begin to disappear because they are changing how CPU's process assembly instructions.
For the first 40 years of general computing from 1960 to 2000 roughly, we got "general cpu's" aka we had root and plaintext compiled c++ binaries (aka honestly compiled exe's). That's what made PC games trivial to crack from the 8
New NSA paths? (Score:2, Insightful)
Sounds like NSA code paths added for backdooring things and they borked it.
OR the hardware encryption is too hard to break so this intentional bug is here to dissuade usage.
Which is it?
Re: (Score:2)
Re: (Score:3)
The trick with doing stuff in parallel is putting it back together across threads both correctly and quickly.
When your test file is all zeroes it makes it even harder.
Re: (Score:2)
Considering that Microsoft stores your Bitlocker key on their cloud servers, there's not much reason for them to backdoor the algorithm.
Re: (Score:1)
MS having keys doesn't help with TURBULENT or TURMOIL data theft.
Re: (Score:3)
Re: (Score:2)
so this intentional bug is here to dissuade usage.
Is that why they fixed it? Man I wish for the days of old Slashdot where conspiracy theories actually made sense rather than the senseless drivel we read these days.
"I'm only here for the comments" used to reflect the quality of the stories. Pretty soon we'll only come for the summaries.
Windows 11: No One Wanted It (Score:2)
Or just don't use win11, ever (Score:2)
Re: (Score:2)
I've been using Windows since Windows 2, and I have almost never used the store. I think I've installed 1 thing from the store, and that was a distro for WSL, and that's it. 99.9% of the stuff funneled through the store is stuff experienced people don't actually have any use for.
But yeah, they need to stop trying to copy Apple. Microsoft used to do things. Now all they do is copy everyone else.
Vector Advanced Encryption Standard? (Score:1)
was this the same standard that was shown to be backdoored? or is it a variant of?
Slower performance for almost one month only? (Score:2)
According to this:
https://support.microsoft.com/... [microsoft.com]
"After applying those updates, you might notice slower performance for almost one month after you install them on Windows Server 2022 and Windows 11 (original release)."
So it speeds up after a month?