



The PC industry is still trying to come to grips with the fallout from the revelation of the Meltdown and Spectre chip vulnerabilities. Meltdown only affects Intel processors, while Spectre -- the more serious exploit -- affects processors from Intel, AMD, and ARM. Hardware OEMs and OS manufacturers have banded together to release patches to help mitigate the effects of any attacks based on Meltdown or Spectre, although some of those patches have been disastrous.

For its part, Microsoft is addressing some of the performance ramifications of installing patches to mitigate the Meltdown and Spectre vulnerabilities. Windows Chief Terry Myerson describes three exploits (two for Spectre, one for Meltdown) that have been addressed using a combination of silicon microcode updates and changes to the Windows operating system:

Variant 1 (Spectre): CVE-2017-5753 (Bounds Check Bypass)

Variant 2 (Spectre): CVE-2017-5715 (Branch Target Injection)

Variant 3 (Meltdown): CVE-2017-5754 (Rogue Data Cache Load)

For Variant 1, Microsoft has implemented compiler changes and recompiled binaries, which are now available through Windows Update. The software company has also hardened both Internet Explorer 11 and the Microsoft Edge browser against JavaScript exploits. The Variant 2 mitigation involves calling new processor instructions to prevent risky scenarios involving branch speculation. The Variant 3 mitigation isolates the kernel and user mode page tables. Of the three variants, only the second requires a complementary microcode update on the host machine.
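Variant 1 is the one mitigated by changing code rather than microcode. As an added illustration (not code from Microsoft or from the original article), this C example puts a plain bounds-checked lookup beside a version hardened with branchless index masking, one known software technique for this bug class; the table and all function names are hypothetical, and the article does not say which technique Microsoft's compiler changes use.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data; every name in this file is hypothetical. */
static const uint8_t table[16] = {10, 20, 30, 40, 50, 60, 70, 80,
                                  90, 100, 110, 120, 130, 140, 150, 160};
#define TABLE_LEN (sizeof table / sizeof table[0])

/* All-ones when idx < size, zero otherwise, computed without a comparison
 * so there is no branch on idx for the CPU to mispredict.
 * Assumes size <= SIZE_MAX / 2 (true for any real array). */
static size_t index_mask(size_t idx, size_t size)
{
    /* Top bit is set if idx is huge or if (size - 1 - idx) wrapped around. */
    size_t out_of_range = (idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return out_of_range - 1; /* 0 - 1 = all ones, 1 - 1 = 0 */
}

/* Before: architecturally correct, but the load below may execute
 * speculatively with an out-of-range idx if the branch is mispredicted. */
int lookup_checked(size_t idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    return table[idx];
}

/* After: the index is clamped by data flow, so even on a mispredicted
 * path the load can only touch table[0]. Inspect the generated assembly
 * to confirm the compiler did not turn the mask back into a branch. */
int lookup_hardened(size_t idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx &= index_mask(idx, TABLE_LEN);
    return table[idx];
}

int main(void)
{
    printf("in range:     %d\n", lookup_hardened(3));
    printf("out of range: %d\n", lookup_hardened(4096));
    return 0;
}
```

The masking adds two or three arithmetic instructions per protected access, which is consistent with this variant's mitigation being described as low cost.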





Now for some good news and bad news. We'll get the good news out of the way first and tell you that Variant 1 and Variant 3 will have "minimal performance impact" for users. However, the bad news is that the mitigations put in place for Variant 2 can have a profound effect on system performance, especially for users running Haswell (or older) processors on Windows 10 and for Windows Server customers (regardless of which processor is being used).

Windows 10 PCs with Skylake, Kaby Lake or anything newer may see "single-digit slowdowns", but for most users the impact will be minimal.

Windows 10 PCs with Haswell or older processors will see "more significant slowdowns" and Microsoft notes that a segment of customers may "notice a decrease in system performance".

Windows 7 and Windows 8 PCs powered by Haswell or older processors will see a "decrease in system performance" for "most users".

As for customers running Windows Server, "Hold on to your butts":

Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

Despite the negative performance impact on customers, Myerson is making it clear that Microsoft is trying to be as transparent as possible with the entire patching process. "The security of the systems our customers depend upon and enjoy is a top priority for us," Myerson adds. "That’s why we’ve chosen to provide more context and information today and why we released updates and remediations as quickly as we could on Jan. 3. Our commitment to delivering the technology you depend upon, and in optimizing performance where we can, continues around the clock and we will continue to communicate as we learn more."

For its part, Intel has also chimed in on the performance impact of Meltdown and Spectre patches, writing:

Based on our most recent PC benchmarking, we continue to expect that the performance impact should not be significant for average computer users. This means the typical home and business PC user should not see significant slowdowns in common tasks such as reading email, writing a document or accessing digital photos. Based on our tests on SYSmark 2014 SE, a leading benchmark of PC performance, 8th Generation Core platforms with solid state storage will see a performance impact of 6 percent or less. (SYSmark is a collection of benchmark tests; individual test results ranged from 2 percent to 14 percent.)

The company goes on to state, "Our goal is to provide our customers with the best possible protection against the exploits while minimizing the performance impact of the updates. We plan to share more extensive information about performance impact when we can."