Notable performance drops will be seen in processors running on Haswell because of Spectre Patch

Microsoft is addressing unusual of the performance subdividing for fixing patches to relieve the Meltdown and Spectre vulnerabilities. Windows Chief Terry Myerson describes three escapades (two for Spectre, one for Meltdown) that have been approached using a sequence of silicon microcode updates and changes to the Windows operating system:

  • Variant 1 (Spectre): CVE-2017-5753 (Bound Check Bypass)
  • Variant 2 (Spectre): CVE-2017-5715 (Branch Target Injection)
  • Variant 3 (Meltdown): CVE-2017-5754 (Rogue Data Cache Load)

For Variant 1, Microsoft has realized compiler changes and precompiled binaries that are now determined in Windows Update. The software organization has also fortified both Internet Explorer 11 and the Microsoft Edge browser toward JavaScript exploits. Variant 2 involves calling new processor directions to prevent risky scenarios involving branch speculation. Variant 3 isolates both the kernel and the user form page tables. Of the three alternatives, only the second requires a corresponding microcode update on the host computer.

Now for any good news and bad news. We’ll get the great news out of the way first and tell you that Alternative 1 and Variant 3 will have “minimal production impact” for users. However, bad news comes with the announcement that the mitigation protocols put in place with Variant 2 can have an intense effect on system performance, particularly for users working on Haswell (or older) processors on Windows 10 and Windows Server customers (regardless of what processor being used).

  • Windows 10 PCs with Skylake, Kaby Lake or anything current may see “single-digit slowdowns”, but for most users, the impact will be minimal.
  • Windows 10 PCs with Haswell or older processors will see “more significant slowdowns” and Microsoft notes that a portion of customers may “notice a decrease in system performance”.
  • Windows 7 and Windows 8 PCs powered by Haswell or older processors will see a “reduction in system performance” for “most users”.

As for consumers running Windows Server, “Hold on to your Hands”:

Windows Server on any silicon, especially in any IO-intensive application, shows a more important performance impact when you enable the reductions to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance and balance the security versus performance tradeoff for your situation.