OK, so Specter – and the associated Meltdown vulnerability – have been identified and some aspects of CPU microcode and operating system patches handled. Unfortunately, in the case of Specter, these corrections resulted in a loss of system performance. The good news is for Windows 10 users, an upcoming update will reduce the impact on "noise levels" (a few percentage points).
Lessons from the meltdown and Specter Debacle
The disclosure of the weak points of the Meltdown and Specter computer on January 2, 2018 was unprecedented in many ways. It shocked – and shocked – even the experts.
A new Tweet from Mehmet Iyigun Partner Development Manager of the Windows Kernel Team, provides a technical overview of the update:
Yes, we have repoline by default in our 19H1 flights along with what we call "import optimization" to further reduce the impact of kernel-mode indirect calls. When combined, these reduce the effects of Specter v2 attenuation on noise levels for most scenarios. https://t.co/CPlYeryV9K
– Mehmet Iyigun (@mamyun) October 18, 2018
In essence, Microsoft is pursuing a new approach called "retpoline", originally developed and implemented by Google. The search giant wrote an explanation of how it works earlier this year:
In response to the vulnerabilities found, we developed a novel mitigation called "retpoline" – a binary modification technique that protects against "branch target injection" attacks.
We shared Retpoline with our industry partners and used it on Google's systems, where we've seen a negligible impact on performance.
At the time of release, the fix has not been released yet, but should be found way into Microsoft's next round of updates.
Intel chips designed to relieve Specter and meltdown Uncertainties will ship later this year, CEO says
Intel has announced changes to its next-generation Xeon and Core processors to protect users from the near-universal Specter and Meltdown vulnerabilities first released in January.