Microsoft working with partners on reducing slowdown

May 22, 2018 06:29 GMT  ·  By

Intel’s security fiasco doesn’t seem to come to an end, as security researchers from Google and Microsoft discovered a new vulnerability similar to the Meltdown and Spectre flaws that were disclosed in early January.

Called Speculative Store Bypass Disable (variant 4 / SSBD), this security bug impacts all systems with Intel, AMD, and ARM chips. And while patches are already on their way to devices, the worst thing is that they’re going to cause a certain performance impact, though at this point the slowdown can’t be accurately determined.

Intel has confirmed that its firmware updates could slow down systems, saying that the fixes will ship to devices off by default, virtually leading to no difference in terms of performance.

“If enabled, we’ve observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems,” Leslie Culbertson, Intel’s security chief, explained.

Patches to land in the coming weeks

Microsoft itself says it’s already working with partners, including here Intel and AMD, to reduce the performance hit on Windows devices, explaining that most browsers, like Microsoft Edge and Internet Explorer, already come with mitigations that not necessarily address the vulnerability, but make it harder to be exploited.

“At the time of publication, we are not aware of any exploitable code patterns of this vulnerability class in our software or cloud service infrastructure, but we are continuing to investigate,” Microsoft said.

While no ETA is available for the new patches, Intel says device manufacturers have already received beta versions in advance of a public rollout sometime in the next few weeks.

“SSBD provides additional protection by providing a means for system software to completely inhibit a Speculative Store Bypass from occurring if desired. Most major operating system and hypervisors will add support for Speculative Store Bypass Disable (SSBD) starting as early as May 21, 2018,” Intel says.