As Intel execs continue to play down the effects of their patches for Spectre and Meltdown, Microsoft has shared some tentative statistics about the effects the patches will have. The Executive Vice President of the Windows and Devices Group, Terry Myerson, said that the data published so far didn’t include operating system and silicon updates. So far they(Microsoft) have published 41 patches and 4 more are scheduled for release soon.
He said this after mentioning that in addition to a Windows update, a need would arise for a silicon microcode update to counter the second variant of the Spectre attack.
Three mitigations have been proposed to address all three variants of attack possible. Variant one(Bounds Check Bypass) and three(Rogue Data Cache Load) will have little impact, while the second( Branch Target Injection) will have a significant impact.
According to him, Windows 10 users on 2016 and later CPU’s wont notice much change. Windows 10 users running hardware from 2015 backwards will definitely feel the effects.
Due to their having a different architectural design, Windows 7 and 8 will be the most affected by the patches. The legacy design had more transitions from Ring 0 to Ring 3 and vice-versa. All font rendering in those systems was done in the kernel.
He concluded by stating that: “For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation.” All the juicy details can be found in a blog the Microsoft executive published here.
Some online providers are using the the bugs as an excuse for the under-performance of their systems. The company behind the popular online game Fortnite issued a statement in which they said: “All of our cloud services are affected by updates required to mitigate the Meltdown vulnerability”. Attached is the graph they used to support their claims.
A coder has released a Python utility to check speculative execution side-channel attacks on your PC.