Windows devices that support the newest Vector Advanced Encryption Standard (AES) (VAES) instruction set might be susceptible to data damage. The affected Windows devices use one of the following on new hardware:
AES XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS)
AES with Galois/Counter Mode (GCM) (AES-GCM)
To prevent further data damage, we addressed this issue in the May 24, 2022 preview release and the June 14, 2022 security release. After applying those updates, you might notice slower performance for almost one month after you install them on Windows Server 2022 and Windows 11 (original release). The scenarios that might have performance degradation include:
Transport Layer Security (TLS) (specifically load balancers)
Disk throughput, especially for enterprise customers
If this affects you, we strongly urge you to install the May 24, 2022 preview release or the June 14, 2022 security release as soon as possible to prevent further damage. Performance will be restored after you install the June 23, 2022 preview release or the July 12, 2022 security release.
AES-based operations might be two times (2x) slower after installing the Windows update for the May 24, 2022 preview release or the June 14, 2022 security release.
We added new code paths to the Windows 11 (original release) and Windows Server 2022 versions of SymCrypt to take advantage of VAES (vectorized AES) instructions. SymCrypt is the core cryptographic library in Windows. These instructions act on Advanced Vector Extensions (AVX) registers for hardware with the newest supported processors.
Install the June 23, 2022 preview release for your OS; see below:
Install the July 12, 2022 security release for your OS; see below:
Microsoft has confirmed that this is an issue in the Microsoft products that are listed
in the "Applies to" section.