OK, so Spectre — and its associated vulnerability Meltdown — were identified and some aspects of them dealt with by CPU microcode and OS patches. Unfortunately, in the case of Spectre, these fixes resulted in a loss of system performance. The good news for Windows 10 users is that an upcoming update will reduce the impact to “noise-level” (a few percentage points).
A recent tweet from Mehmet Iyigun, Partner Development Manager on the Windows kernel team, provides a technical overview of the update:
Yes, we have enabled retpoline by default in our 19H1 flights along with what we call “import optimization” to further reduce perf impact due to indirect calls in kernel-mode. Combined, these reduce the perf impact of Spectre v2 mitigations to noise-level for most scenarios. https://t.co/CPlYeryV9K
— Mehmet Iyigun (@mamyun) October 18, 2018
Essentially, Microsoft is adopting a new approach, called “retpoline”, originally engineered and deployed by Google. The search giant wrote up an explanation of how it works earlier this year:
In response to the vulnerabilities that were discovered we developed a novel mitigation called “Retpoline” — a binary modification technique that protects against “branch target injection” attacks.
We shared Retpoline with our industry partners and have deployed it on Google’s systems, where we have observed negligible impact on performance.
As of writing, the fix has yet to be released to the wider public, but should find its way into Microsoft’s next round of updates.
[Twitter, via DSO Gaming]