Earlier this year two major vulnerabilities were discovered which affected the core processes of the computer. Named as Spectre and Meltdown, these “speculative execution” vulnerabilities meant hackers could steal data by simply visiting a website.
Though there were no known incidents of these vulnerabilities being exploited in the wild, the processor microcode patches could have up to a 30% impact on the performance of PCs that have been patched.
Various tech companies have been working on mitigation for this, and in Microsoft’s latest move, they are working to implement Retpoline in the next major version of Windows 10, 19H1 due early next year.
Yes, we have enabled retpoline by default in our 19H1 flights along with what we call "import optimization" to further reduce perf impact due to indirect calls in kernel-mode. Combined, these reduce the perf impact of Spectre v2 mitigations to noise-level for most scenarios. https://t.co/CPlYeryV9K
— Mehmet Iyigun (@mamyun) October 18, 2018
Kernell experts explain:
Retpoline as a mitigation strategy swaps indirect branches for returns, to avoid using predictions which come from the BTB, as they can be poisoned by an attacker. The problem with Skylake+ is that an RSB underflow falls back to using a BTB prediction, which allows the attacker to take control of speculation.
For the rest of us it means that Spectre will no longer make our processors feel 5-10 years older than they are, and in general cause Spectre mitigation to only have an impact of 1-2%, or as Mehmet Iyigun from the Windows Kernel team notes, bring it down to “noise level” for most use cases, which is certainly good news.
Some are however complaining that Microsoft does not appear to be planning to backport the fix, meaning Windows 10 users will need to update to the latest version of the OS to get their performance back, which is somewhat controversial, especially for business users who prefer a well-tested and stable OS.
Are our readers looking forward to this fix? Let us know below.