Microsoft details performance impact of Spectre and Meltdown fixes on Windows PCs

Microsoft recently pushed out a patch for Windows 10 users designed to address the processor vulnerabilities which is involved in the Meltdown and Spectre exploits. There were some reports that the these bug fixes may cause significant performance impact on some systems. Intel has, however, said for most tasks performance impact should be minimal. Microsoft has now tested the performance impact for Windows PCs and gave the below summary.

  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

Microsoft also provided the reason why Windows 10 PCs has less performance impact when compared to Windows 7 PCs even with same hardware. Read it below.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.

Microsoft has mitigated the Spectre and Meltdown issue through the following changes on Windows and silicon microcode.

Exploited Vulnerability CVE Exploit
Public Vulnerability Name Windows Changes Silicon Microcode Update ALSO Required on Host
Spectre 2017-5753 Variant 1 Bounds Check Bypass Compiler change; recompiled binaries now part of Windows UpdatesEdge & IE11 hardened to prevent exploit from JavaScript No
Spectre 2017-5715 Variant 2 Branch Target Injection Calling new CPU instructions to eliminate branch speculation in risky situations Yes
Meltdown 2017-5754 Variant 3 Rogue Data Cache Load Isolate kernel and user mode page tables No

Microsoft says that that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact. Microsoft is currently support 45 editions of Windows and the above patches are now available for 41 of them through Windows Update. The silicon microcode update will be released by Intel or AMD through OEMs. Surface devices will receive this update starting today.

Learn more about this issue from the source link below.

Source: Microsoft