The continued response to the challenges presented by the Meltdown and Spectre speculative execution vulnerabilities has been somewhat overshadowed by all of the shiny new hardware on display in Las Vegas this week, but technology companies are still working to sort out the matter. Terry Myerson, the Executive VP of Microsoft's Windows and Devices Group wrote a blog post about Redmond's response to the vulnerabilities with a prediction of what users of new and old Intel CPUs can expect in terms of performance impact after the patches.
Microsoft expects that most users of Windows 10 on Skylake and newer CPUs won't notice the small reduction in performance that will come with the microcode and software patches. The company says those running Windows 10 on PCs with Haswell and older chips will see more significant slowdowns in benchmarks and that "some users" will notice the loss in speed.
The picture is less rosy when it comes to those running anything other than the latest desktop version of Windows. Microsoft thinks "most users" will notice a decrease in system performance on 2015 and older machines running Windows 7 or Windows 8 or 8.1. Worse still, Windows Server shows "a more significant performance impact" on machines old and new alike, especially in IO-intensive applications. Mitigations to isolate untrusted code on Windows Server systems carry a burden. Microsoft says admins will need to carefully evaluate the risk of untrusted code on each individual Windows Server instance to maintain a balance between speed and security.
The blog post splits Spectre into two variants. Microsoft says that the first, Bounds Check Bypass, can be mitigated with compiler and other software changes that Microsoft has already made available. Redmond says users will need changes to Windows code and a silicon microcode update to protect systems from the second variant, the Branch Target Injection exploit. Meanwhile, Meltdown's Rogue Data Cache Load vulnerability can be avoided by isolating kernel and user mode page tables, which it has already patched into most supported editions of Windows. Overall, the company says patches are in place on 41 of 45 supported Windows editions.