Microsoft Says Security Patches Slowing Down PCs
Microsoft said on Tuesday the patches released to protect against Meltdown and Spectre security threats slowed down some personal computers and servers, mainly those running on older Intel processors.
The security updates also froze some computers running AMD chipsets, Microsoft said in a blog post, citing customer complaints.
"We had learned of this vulnerability under nondisclosure agreement several months ago and immediately began developing engineering mitigations and updating our cloud infrastructure," Microsoft executive Terry Myerson wrote in a blog post.
Security researchers disclosed the flaws on Jan. 3 that affected nearly every modern computing device containing chips from Intel, AMD and ARM Holdings.
Meltdown and Spectre are two memory corruption flaws that could allow hackers to bypass operating systems and other security software to steal passwords or encryption keys on most types of computers, phones and cloud-based servers.
Intel claims that a typical home and business PC user should not see significant slowdowns in common tasks such as reading email, writing a document or accessing digital photos.
Based on Intel's most recent PC benchmarking on SYSmark 2014 SE, a benchmark of PC performance, 8th Generation Core platforms with solid state storage will see a performance impact of 6 percent or less.
However, Intel admitted that ultimately, the overall impact will depend on the specific workload, platform configuration and mitigation technique. In some cases there are multiple mitigation options available, each with different performance implications and implementation specifics.
The chipmaker said last week that fixes for security issues in its microchips would not slow down computers, rebuffing concerns that the flaws would significantly reduce performance.
Rival AMD had also played down the threat, saying its products were at "zero risk" from the Meltdown flaw, but that one variant of the Spectre bug could be resolved by software updates from vendors such as Microsoft.
But on Tuesday AMD said it was aware of an issue with some older-generation processors following the installation of a Microsoft security update that was published over the weekend.
Apple also released an updated version of its operating system software on Monday to fix the security flaw.
ARM Holdings Plc., whose technology is at the heart of most major mobile phone components, said about 5 percent of chips made using its designs and intellectual property are vulnerable to Spectre.
"ARM will address Spectre in future processors, but there will need to be an ongoing discipline in the design of secure systems, which needs to be addressed through both software and hardware," ARM said in a statement. "In the meantime, we're encouraging individual users to follow good security practices and reach out to their device-maker to get the latest software updates with Spectre mitigations."
Any exposure to Meltdown would be even lower, the company said.