This Windows 11 encryption bug can damage data

News

The solution is, as almost always, to keep your PC patched and up to date.

Microsoft is warning that Windows 11 is subject to a bug that can corrupt data under certain specialized conditions, including writing data to drives encrypted using BitLocker. Unfortunately, the patch is of slight concern, as Microsoft warns that it will slow performance for about a month.

The functions affected are two you've probably never heard of: either AES XEX-based Modified Codebook Mode with Ciphertext Stealing (AES-XTS) or AES with Galois/Counter Mode (AES-GCM). As Tom's Hardware notes, processors affected include Intel's 10th Gen "Ice Lake" and 11th Gen "Rocket Lake" processors, as well as AMD's upcoming Zen 4 chips, otherwise known as Ryzen 7000.

The problem is that both functions are used for data encryption and AES-XTS was specifically added to Windows 10 as the underlying function for BitLocker encryption. BitLocker works with your PC's Trusted Platform Module (TPM) to encrypt and protect your drive. If your laptop is lost or stolen, an attacker wouldn't be able to access your data without your PIN, fingerprint, or face through Windows Hello. The function is also used for , too.

If there's any good news, it's that updating your PC may have alleviated the data corruption issue entirely. On the one hand, Microsoft implies that only the original version of Windows 11 is likely affected and that the problem was "addressed" via a security release in June.

The other concern, however, is that Microsoft's note warns that performance may be slow for about a month after applying the update. (Microsoft does not explain why, or why the one-month period was chosen.) Affected applications include BitLocker plus enterprise load balancers and disk throughput on enterprise PCs.

If you've done the math, that puts the end of this period of performance degradation around mid-July. If you've kept your PC up to date, it's unlikely you'll be affected by either bug.

How do I know if my PC is using BitLocker?

Microsoft has previously stated that BitLocker is only a feature built into the Pro versions of Windows 10 and Windows 11. If you signed into a Windows 11 Pro PC with your Microsoft account, BitLocker is enabled by default. However, even Windows 11 Home PCs can use Windows' built-in "device encryption." It is not clear whether Device Encryption uses the AES-XTS function or not.

An easy way to check if your PC has BitLocker is to simply open the Start menu and type “Manage BitLocker” into the search box. If BitLocker is enabled on your PC, you will receive a control panel to change its settings. If you don't, Windows just won't return the application. Make sure your BitLocker recovery key is backed up. If you're signed in to your Microsoft account, it's automatically stored in your account settings, which can be accessed online.

If your PC does not have BitLocker, it may still be eligible for device encryption. Go to the Settings menu, then Update & Security > Device Encryption. If your PC can be encrypted, you'll see a toggle to enable or disable it.

Windows 11 Device Encryption: This Windows 11 Home PC is not formally encrypted via BitLocker, but is nonetheless always protected.

Mark Hachman / IDG

How do I know if my disk has damaged data?

As a user, if you haven't noticed any issues with your hard drive or SSD, you probably don't have to worry. But if you're worried, you can always manually scan your drive's file system for errors.

To do this, simply open File Explorer and right-click on your PC's SSD or hard drive. Selecting "Properties" will open a menu where you can check for errors.

Windows 11 Scan disk for errors: Scan your local disk for errors by right-clicking on it, then selecting ...
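The same checks can be run from an elevated PowerShell prompt. This is an added example, not code from Microsoft or the original article: it lists each BitLocker volume, shows whether its cipher is AES-XTS, confirms a recovery password protector exists, and then runs a read-only file system scan on the AES-XTS volumes. The function name Get-XtsExposureReport is hypothetical, and the script assumes the built-in BitLocker and Storage cmdlets are present.

```powershell
#Requires -RunAsAdministrator
# Added example: Get-XtsExposureReport is a hypothetical helper name.

function Get-XtsExposureReport {
    # The BitLocker module may be missing on some editions; fail softly.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        Write-Warning 'BitLocker cmdlets are not available on this system.'
        return
    }
    foreach ($vol in Get-BitLockerVolume) {
        $method = [string]$vol.EncryptionMethod   # e.g. XtsAes128, Aes256, None
        # A RecoveryPassword protector is the 48-digit recovery key to back up.
        $hasRecovery = [bool]($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            EncryptionMethod = $method
            UsesAesXts       = $method -like 'XtsAes*'
            RecoveryPassword = $hasRecovery
        }
    }
}

$report = @(Get-XtsExposureReport)
$report | Format-Table -AutoSize

# Read-only scan (no repair) of each lettered volume encrypted with AES-XTS.
foreach ($row in $report | Where-Object UsesAesXts) {
    if ($row.MountPoint -match '^([A-Za-z]):') {
        $result = Repair-Volume -DriveLetter $Matches[1] -Scan
        '{0} scan result: {1}' -f $row.MountPoint, $result
    }
}
```

A clean scan only means the file system structures are consistent; it does not verify the contents of individual files, so compare important files against a known-good backup if you suspect damage.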

