Microsoft Implements RetPoline Fix for Windows 10

This may take some explaining.

Back in January 2018, the computing industry was rocked by the announcement of the Spectre and Meltdown CPU vulnerabilities. These were Meltdown and Spectre Variant 1 and 2. If you want to read my summary of these vulnerabilities, please read my blog post here.

Because of the way Spectre variant 2 was patched, CPU’s older than the Intel SkyLake CPU’s suffered a serious performance issue. At the same time, Google devised an alternate patch that they called ‘RetPoline’ (Reverse Trampoline). This was a little more refined and mitigated the vulnerability as well as most of the performance issues.

Microsoft said last year they were going to implement the RetPoline fix on Windows, and an update this month has put in place the fix for windows 10 v1809 (or the October 2018 update). You can read the full blog post on this from Microsoft here and the detailed technical brief here.

This only applies to Windows 10 v1809 and onwards. The fix will not be applied to Windows 8 or 7, or earlier versions of Windows 10. This is also available for Windows Server, but I am unsure exactly which versions (I suggest you talk to your Microsoft Partner for more information).

This also only applies to the Intel Broadwell (generation 5) and earlier CPU’s, and all AMD CPU’s. If you are on Skylake or later, you won’t get this patch due to the way the microcode works on these later CPU’s.

Who does this affect? Well, if you have a PC with an earlier CPU running Windows 10, then you will see some performance improvements. If you want to see if your CPU is already patched, I suggest you download this neat little tool by Gibson Research. This tool also allows you to switch off the Spectre mitigations and recover the performance.

It should be noted that the Meltdown and Spectre vulnerabilities have never been documented as being exploited in the wild. The biggest impact of these vulnerabilities is in data centres running VM’s (and who doesn’t these days). So as a PC user on these earlier CPU’s, you could reasonably switch off the patches. I will post to this blog any changes in this advice and if these vulnerabilities are found to be exploited in the wild.


Headline image provided by ShutterStock

Comments are closed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: