Microsoft has acknowledged a severe bug in Windows 11 and Windows Server 2022 that results in data damage for devices equipped with processors supporting the newest Vector Advanced Encryption Standard (VAES) instruction set.

Only newer CPU generations support VAES instructions, including Ice Lake, Tiger Lake, Rocket Lake, and AMD's upcoming Zen 4. You can also manually enable them on early Alder Lake processors on certain motherboards, although Intel has physically fused off AVX-512 entirely in newer CPU revisions.

Microsoft claims the problem stems from the new code paths added to SymCrypt (Windows's core cryptographic function library) that take advantage of VAES instructions. Specifically, the affected machines use either AES XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS) or AES with Galois/Counter Mode (GCM) (AES-GCM).

The company initially addressed the data corruption issue in the May 24 preview release and the June 14 security update. However, these patches introduced a massive performance penalty for AES-based operations, with some functions reportedly taking twice as long. In Microsoft's testing, slowdowns occurred in Bitlocker and the Transport Layer Security (TLS) protocol, with disk throughput also affected, especially for enterprise customers.

Fortunately, Microsoft's newest updates resolve these performance regressions. Users can receive the new patches automatically via Windows Update or download them directly from Microsoft's Update Catalog.