Microsoft has acknowledged a severe bug in Windows 11 and Windows Server 2022 that can corrupt data on machines whose processors support the newer Vector Advanced Encryption Standard (VAES) instruction set.
VAES is only available on recent CPU generations: Intel's Ice Lake, Tiger Lake, Rocket Lake and Alder Lake cores, and AMD's upcoming Zen 4. The 512-bit (EVEX-encoded) forms of the instructions additionally require AVX-512, which certain motherboards let users enable on early Alder Lake steppings, although Intel has since physically fused off AVX-512 in newer processor revisions.
The cause is a set of new code paths in SymCrypt, Windows's core cryptographic library, that take advantage of the VAES instructions. Only the paths for AES in XEX-based tweaked-codebook mode with ciphertext stealing (AES-XTS) and AES in Galois/Counter Mode (AES-GCM) are affected, which is why BitLocker (which uses XTS) and TLS (which commonly uses GCM) are the workloads in which the problem surfaces.
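The advisory scopes the problem by CPU capability rather than by CPU model, so the practical first question on any Windows 11 or Server 2022 host is whether the processor advertises VAES at all. The following program, an added example and not Microsoft's or SymCrypt's code, reads CPUID leaf 7 (sub-leaf 0) and decodes the VAES, VPCLMULQDQ and AVX512F feature bits; the bit positions come from Intel's and AMD's CPUID documentation. It builds with GCC or Clang on x86 and with MSVC. The decoder is kept as a pure function so the bit layout can be checked independently of the machine the program runs on. Note that a VAES-capable CPU only places the host in the affected population; whether it is actually exposed depends on which update is installed.

```c
/* cpuid_vaes_check.c: does this CPU advertise the VAES instructions that
 * the affected SymCrypt AES-XTS / AES-GCM code paths use?
 * CPUID leaf 7, sub-leaf 0:
 *   ECX bit 9  = VAES
 *   ECX bit 10 = VPCLMULQDQ (carry-less multiply, used by GCM's GHASH)
 *   EBX bit 16 = AVX512F (needed for the 512-bit EVEX forms of VAES)
 * Added example; the function and flag names are this example's own. */
#include <stdint.h>
#include <stdio.h>

#if defined(_MSC_VER)
#include <intrin.h>
#elif defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

enum { FLAG_VAES = 1u, FLAG_VPCLMULQDQ = 2u, FLAG_AVX512F = 4u };

/* Pure decoder: turns raw leaf-7 EBX/ECX words into a flag mask, so the
 * bit positions can be unit-tested on any machine. */
unsigned decode_leaf7(uint32_t ebx, uint32_t ecx) {
    unsigned flags = 0;
    if (ecx & (1u << 9))  flags |= FLAG_VAES;
    if (ecx & (1u << 10)) flags |= FLAG_VPCLMULQDQ;
    if (ebx & (1u << 16)) flags |= FLAG_AVX512F;
    return flags;
}

/* Query the running CPU. Returns 0 on non-x86 builds or when leaf 7 is
 * not implemented (very old processors). */
unsigned query_cpu_flags(void) {
#if defined(_MSC_VER)
    int r[4] = {0, 0, 0, 0};
    __cpuid(r, 0);                       /* r[0] = highest basic leaf */
    if ((unsigned)r[0] < 7) return 0;
    __cpuidex(r, 7, 0);                  /* r[1] = EBX, r[2] = ECX */
    return decode_leaf7((uint32_t)r[1], (uint32_t)r[2]);
#elif defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    if (__get_cpuid_max(0, NULL) < 7) return 0;
    __cpuid_count(7, 0, eax, ebx, ecx, edx);
    return decode_leaf7(ebx, ecx);
#else
    return 0;
#endif
}

/* Per the advisory the affected population is "CPUs that support VAES";
 * AVX-512 only changes which VAES encoding SymCrypt can pick. */
int cpu_is_in_affected_population(unsigned flags) {
    return (flags & FLAG_VAES) != 0;
}

int main(void) {
    unsigned f = query_cpu_flags();
    printf("VAES: %s  VPCLMULQDQ: %s  AVX512F: %s\n",
           (f & FLAG_VAES) ? "yes" : "no",
           (f & FLAG_VPCLMULQDQ) ? "yes" : "no",
           (f & FLAG_AVX512F) ? "yes" : "no");
    if (cpu_is_in_affected_population(f))
        puts("VAES present: SymCrypt can take the VAES AES-XTS/AES-GCM paths. "
             "Confirm the corrected update is installed before trusting "
             "BitLocker or TLS data integrity on this host.");
    else
        puts("No VAES: the legacy AES-NI paths are used; not in the affected population.");
    return 0;
}
```

Run it on the host in question (or on a VM, where the hypervisor may mask feature bits, so check the guest's view rather than the physical CPU's). A "no" for VAES is an early exit; a "yes" is the cue to verify patch level, not a verdict on whether data has already been affected.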
Microsoft first addressed the data corruption in the May 24 preview release and the June 14 security update. Those patches came with a significant performance penalty for AES-based operations, with some functions reportedly taking twice as long. In Microsoft's testing, the slowdown was visible in BitLocker and in the Transport Layer Security (TLS) protocol, and disk throughput was also affected, most noticeably for enterprise customers.
Microsoft's latest updates restore the performance lost to that initial fix. The new patches are available through Windows Update and through the Microsoft Update Catalog.
Windows 11 previously had a separate issue that degraded SSD performance. Microsoft's first patch fixed it only for some users, and it took several months before the company shipped an update that restored disk performance by default, a difference that is significant in some workloads.