Since we learned about the Meltdown and Spectre security vulnerabilities in many modern processors for computers, servers, and phones, it’s been very clear that any patch will have a noticeable impact on performance.
Although we knew that applying software and firmware updates to mitigate these new vulnerabilities could slow down PCs by up to 30 percent, we didn’t have clear information about the real performance impact.
However, Microsoft’s Executive Vice President of the Windows and Devices Group, Terry Myerson, has published a new article on the Microsoft Secure blog unveiling how much the updates to mitigate Meltdown and Spectre can slow down your PC.
According to the company, here’s a summary detailing the performance impact depending on the processor model:
- Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPUs), benchmarks show single-digit slowdowns, but Microsoft doesn’t expect most users to notice a change because these percentages are reflected in milliseconds.
- Windows 10 on older silicon (2015-era PCs with Haswell or older CPUs), some benchmarks show more significant slowdowns, and Microsoft expects that some users will notice a decrease in system performance.
- Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPUs), Microsoft expects most users to notice a decrease in system performance.
- Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.
The software giant also notes the reason why Windows 7 and Windows 8 users will be more affected than Windows 10 users:
On newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions due to legacy design decisions, such as all font rendering taking place in the kernel.
Although it’s an unfortunate problem that affects millions of devices, the good news is that the industry has come together to help mitigate the vulnerabilities. In the PC world, manufacturers are slowly rolling out firmware updates, while Microsoft has already stepped up and released emergency updates to mitigate the Spectre and Meltdown problems through the following changes:
Exploited Vulnerability | CVE | Exploit Name | Public Vulnerability Name | Windows Changes | Silicon Microcode Update ALSO Required on Host |
---|---|---|---|---|---|
Spectre | 2017-5753 | Variant 1 | Bounds Check Bypass | Compiler change; recompiled binaries now part of Windows Updates; Edge & IE11 hardened to prevent exploit from JavaScript | No |
Spectre | 2017-5715 | Variant 2 | Branch Target Injection | Calling new CPU instructions to eliminate branch speculation in risky situations | Yes |
Meltdown | 2017-5754 | Variant 3 | Rogue Data Cache Load | Isolate kernel and user mode page tables | No |
At the time of this writing, Microsoft supports 45 editions of Windows of which 41 already have been patched using Windows Update. The company also notes that the mitigations for variant 1 and variant 3 will only have a minimal performance impact, but patching variant 2 will significantly affect performance. (If you’ve received the updates, make sure to check out this guide to learn the steps to protect your Windows 10 computer.)
It’s worth noting that the Meltdown and Spectre vulnerabilities primarily affect Intel processors. Advanced Micro Devices (AMD) processors are only affected by variant 2 of Spectre, which can be easily fixed through a software update.
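
The table above separates fixes that need only a Windows update from the variant 2 fix, which also needs a microcode update. The PowerShell below is an added example, not part of the original article or Microsoft's post, that turns that distinction into a per-machine status check. It assumes the property names returned by `Get-SpeculationControlSettings` from Microsoft's SpeculationControl module, which the article does not mention; `Get-MitigationSummary` and the sample object are constructed for illustration.

```powershell
# Added example, not from the article. Property names are those returned by
# Get-SpeculationControlSettings in Microsoft's SpeculationControl module.
function Get-MitigationSummary {
    param([Parameter(Mandatory)] $Settings)

    # Variant 2 (CVE-2017-5715): needs the Windows change AND the microcode update.
    if (-not $Settings.BTIWindowsSupportPresent) {
        $v2 = 'Windows update missing'
    } elseif (-not $Settings.BTIHardwarePresent) {
        $v2 = 'Windows update present, microcode/firmware update missing'
    } elseif (-not $Settings.BTIWindowsSupportEnabled) {
        $v2 = 'Supported but disabled'
    } else {
        $v2 = 'Enabled'
    }

    # Variant 3 (CVE-2017-5754): kernel/user page table isolation, no microcode needed.
    if (-not $Settings.KVAShadowRequired) {
        $v3 = 'Not required on this CPU'
    } elseif (-not $Settings.KVAShadowWindowsSupportPresent) {
        $v3 = 'Windows update missing'
    } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
        $v3 = 'Supported but disabled'
    } else {
        $v3 = 'Enabled'
    }

    [pscustomobject]@{ Variant = 2; CVE = 'CVE-2017-5715'; Status = $v2 }
    [pscustomobject]@{ Variant = 3; CVE = 'CVE-2017-5754'; Status = $v3 }
}

# Constructed sample: Windows patched, firmware not yet updated by the manufacturer.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
}

# Use the live result when the module is installed, otherwise the sample above.
if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    $settings = Get-SpeculationControlSettings
} else {
    $settings = $sample
}
Get-MitigationSummary -Settings $settings | Format-Table -AutoSize
```

Variant 1 has no row because its fix ships as recompiled binaries, which the properties used here do not cover.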