Microsoft has issued a warning that Windows devices using the newest supported processors are susceptible to "data damage" on Windows 11 and Windows Server 2022. The bug is a result of an issue in the newest Vector Advanced Encryption Standard (AES) (VAES) instruction set that was added to their latest operating systems. The affected devices use either AES XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS) or AES with Galois/Counter Mode (GCM) (AES-GCM) on new hardware.
Windows 11 has seen a slow adoption since its release in October 2021, due to the high demands it places on the machines to be updated. Especially CPU is an issue for many machines, as in April of this year, data revealed only 44.4% of machines met the requirements. According to our April survey, only about 1.44% of Windows devices were already running Windows 11, and only 0.09% of Windows servers had adopted Server 2022. You can read more on the Windows 11 Readiness blog.
Update Affected Windows Machines
Microsoft already addressed the issue in the May 24, 2022 preview release and the June 14, 2022 security release. However, once updated this caused users to experience slower performance, as AES-based operations could be two times slower. This issue has in turn already been addressed in the June 23, 2022 preview release and the July 12, 2022 security release. To avoid further data damage you are strongly advised to update to the latest release as soon as possible:
"If this affects you, we strongly urge you to install the May 24, 2022 preview release or the June 14, 2022 security release as soon as possible to prevent further damage. Performance will be restored after you install the June 23, 2022 preview release or the July 12, 2022 security release."- Microsoft Support, KB5017259
Discover Affected Windows Devices
Based on the information shared by Microsoft, we have created a special Lansweeper report that will provide a list of all devices in your environment that are still susceptible to data damage. This way you have an actionable list of devices that require an update.