Pierluigi Paganini January 09, 2018

Microsoft officially confirmed that Meltdown and Spectre patches could cause noticeable performance slowdowns contrary to what initially thought.

Just after the disclosure of the Meltdown and Spectre vulnerabilities, many security experts argued that forthcoming patches will have a significant impact on the performance (30% degradation), but Intel pointed out that average users will not notice any difference.

“Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time.” continues Intel.

“While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact.”

Intel confirmed that extensive testing conducted by tech giants (Apple, Amazon, Google, and Microsoft) to assess any impact on system performance from security updates did not reveal negative effects.

Unfortunately, someone has underestimated the problem and Microsoft Windows patches for the CPU flaws will cause noticeable performance degradation, with most severe impact on Windows servers as well as Windows 7 and 8 client machines.

Microsoft published a blog post that confirmed that Windows servers will experience noticeable performance slowdowns, as will Windows 7 and 8 client machines running older processors (2015-timeframe PCs with Haswell or older CPUs).

The good news is that newer Windows 10 platforms won’t experience perceptible performance degradation.

Below Microsoft’s findings related to performance degradation caused by the installation of Meltdown/Spectre patches.

• With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
• With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
• With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
• Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

Microsoft announced it is working to solve the problem and the situation appears critical for Windows servers.

Microsoft has patched 41 of its 45 Windows versions and is going to release the remaining four issues as soon as possible.

Microsoft requires entire industry to work together to find the best possible solutions for customers affected by vulnerabilities like Spectre and Meltdown.

Pierluigi Paganini

(Security Affairs –  Spectre flaws,  hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]