Microsoft details impact of Meltdown/Spectre fixes for Windows, warns of performance slowdowns

Laurent Giret

Microsoft, enterprise, partners

Microsoft, Intel and PC manufacturers are still dealing with the Meltdown and Spectre CPU vulnerabilities these days, and contrary to Intel’s reassuring statements from last week, the fixes will have a performance impact, especially on older PCs. Microsoft chose to be transparent today, with Executive Vice President of the Windows and Devices Group Terry Myerson addressing the issue head-on in a detailed blog post.

The good news is that for Windows 10 PCs with modern Intel processors, the Windows security patches plus the additional firmware updates necessary for addressing a specific variant of the Spectre vulnerability won’t have a big impact on performance. However, for Windows 10 PCs with Intel Haswell CPUs or older as well Windows 8 and 7 systems using these same old processors, the performance impact will be much more significant. Moreover, Myerson added that the software and firmware updates may also cause a “more significant performance impact” on servers.

Here is a summary of what Microsoft’s latest research revealed:

  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

Overall, owners of modern Windows 10 PCs shouldn’t see a big difference after installing the software patches plus the Intel firmware updates. “For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation,” Myerson explained. “Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.”

A couple of days ago, Intel announced its plans to release firmware updates for 90% of processors from the past five years by the end of this week. Today, the company added in a press release that it will issue updates to the remaning 10% by the end of January, and also release patches for other products thereafter. “Based on our most recent PC benchmarking, we continue to expect that the performance impact should not be significant for average computer users,” the company explained. “This means the typical home and business PC user should not see significant slowdowns in common tasks such as reading email, writing a document or accessing digital photos.”

Terry Myerson wasn’t as optimistic today, and the exec promised that Microsoft will publish all of its data on benchmark performance in the coming weeks. “We’re also committed to being as transparent and factual as possible to help our customers make the best possible decisions for their devices and the systems that run organizations around the world,” Myerson added.