Windows 10 Update – Performance Fix for Spectre Bug[bleepingcomputer]
by CIRT Team
Microsoft has released the Windows 10 KB4482887 cumulative update for build 1809 that includes numerous fixes including Retpoline Spectre mitigation, a fix for an annoying Action Center bug, and numerous other bug fixes.
This update is available to all Windows 10 October 2018 Update (build 1809) users and can be installed through Windows Update. To install the update, simply go into Settings -> Update & Security -> Windows Update and then check for new updates.
We have outlined the most important changes in the new Window 10 cumulative update below.
Retpoline Spectre v2 mitigations
In January 2018, Google disclosed CPU vulnerabilities called Spectre and Meltdown that use speculative execution side channels to allow processes to access the memory of other programs that they would not normally have access to. This could allow malicious programs to steal data such a decryption keys, master passwords in password management programs, or sensitive emails that are being read from other program.
As these bugs are caused by the hardware design of CPUs, processor manufacturers had to release microcode updates that exposed instructions that could be used to mitigate these vulnerabilities. When Microsoft utilized these new CPU capabilities to release a Spectre fix, though, some users, especially those running older CPUs, found that the fixes caused a performance performance hit in Windows.
As explained by a new Microsoft article on retpoline, Microsoft has been working on a new fix that utilizes a mitigation called retpoline that was discovered by Google, which prevents a processor from entering “unsafe speculative execution”.
“A full description of retpoline can be found here, but in short, retpoline works by replacing all indirect call or jumps in kernel-mode binaries with an indirect branch sequence that has safe speculation behavior.”
While still not as fast as not using mitigations at all, Microsoft has stated that the retpoline mitigations are much faster than Microsoft’s original fixes. In order to use these mitigiations users will need to be using an AMD processor or Intel Broadwell processors and earlier.
For more, click here.