The published patches are expected to have a considerable impact on system performance, with an overhead that could reach 30% - 35%. For this reason it is recommended to evaluate the performance of the affected systems to avoid availability problems. Meltdown is the most complex to patch because of the high impact on processor performance.
The vulnerabilities are divided into three variants:
- Variant 1 - Spectre (CVE-2017-5753): Bounds check bypass. It affects AMD, ARM and Intel processors. AMD confirms that it will be mitigated through an operating system patch and does not expect a significant impact on performance.
- Variant 2 - Spectre (CVE-2017-5715): Branch target injection. Proof of concept executed successfully on Intel Xeon Haswell processors. AMD indicates that the differences in its architecture mean that the risk of exploitation in its processors is almost 0.
- Variant 3 - Meltdown (CVE-2017-5754): Rogue data cache load. Proof of concept executed successfully on Intel Haswell Xeon processors. AMD confirms that its architecture is not vulnerable to this variant. The patch for this variant, according to the original discoverers, is expected to have the performance impact indicated above.
The patch released by Microsoft should reach all users automatically and is available through Windows Update. Three patches have been released for Windows 10, depending on the version:
- Windows 10 Fall Creators Update, with patch KB4056892 (Build 16299.192)
- Windows 10 Creators Update, with patch KB4056891 (Build 15063.850)
- Windows 10 Anniversary Update, with patch KB4056890 (Build 14393.2007)
Users of Windows 7 and Windows 8.1 will receive the update next Tuesday, although they can search for the update manually.
The Linux kernel maintainers have also released patched versions that correct the Meltdown and Spectre vulnerabilities. On kernel.org we can find the patched versions of the Linux kernels 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91 and 3.2.97.
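To check an inventory against the minimum versions listed above, the following added example (not part of the original advisory or of any vendor tool) compares Windows 10 build revisions and kernel.org release numbers with the patched versions named in this text. It assumes a hypothetical inventory of (host, os, version) tuples and vanilla kernel.org kernels; distribution kernels backport fixes under their own version numbers, so any branch not listed here is reported as unknown rather than guessed.

```python
import re

# Minimum patched releases and builds, copied from the advisory text above.
LINUX_PATCHED = {(4, 14): 11, (4, 9): 74, (4, 4): 109,
                 (3, 16): 52, (3, 18): 91, (3, 2): 97}
WINDOWS_PATCHED = {16299: (192, "KB4056892"), 15063: (850, "KB4056891"),
                   14393: (2007, "KB4056890")}

def check_linux(release):
    """Classify a `uname -r` string; assumes a vanilla kernel.org kernel."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return "unknown", None
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in LINUX_PATCHED:
        return "unknown", None  # branch not covered by the advisory
    minimum = LINUX_PATCHED[branch]
    status = "patched" if int(m.group(3) or 0) >= minimum else "unpatched"
    return status, f"{branch[0]}.{branch[1]}.{minimum}"

def check_windows(build):
    """Classify a Windows 10 'build.revision' string such as '16299.125'."""
    m = re.fullmatch(r"(\d+)\.(\d+)", build.strip())
    if not m or int(m.group(1)) not in WINDOWS_PATCHED:
        return "unknown", None
    minimum, kb = WINDOWS_PATCHED[int(m.group(1))]
    return ("patched" if int(m.group(2)) >= minimum else "unpatched"), kb

def triage(inventory):
    """Return (host, status, fix) for every host not confirmed patched."""
    checks = {"linux": check_linux, "windows": check_windows}
    findings = []
    for host, os_name, version in inventory:
        check = checks.get(os_name)
        status, fix = check(version) if check else ("unknown", None)
        if status != "patched":
            findings.append((host, status, fix))
    return findings

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [("web01", "linux", "4.9.73"), ("web02", "linux", "4.14.11"),
          ("db01", "linux", "3.10.0-693.el7.x86_64"),
          ("ws01", "windows", "16299.125"), ("ws02", "windows", "15063.850")]

if __name__ == "__main__":
    for host, status, fix in triage(SAMPLE):
        print(f"{host}: {status}, required: {fix or 'check vendor advisory'}")
```

Hosts reported as unknown need a manual check against the vendor's own advisory, since their version numbers cannot be compared with the releases listed here.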
The Android security patches of January 2018 correct multiple vulnerabilities, including the Meltdown and Spectre vulnerabilities in Intel, AMD and ARM processors. Google claims that it has not been able to reproduce Spectre on Android devices but has, in any case, implemented a series of controls that limit attack vectors on ARM processors.
macOS 10.13.2 includes a series of fixes for the vulnerabilities that affect the kernel. However, more security patches will be included with macOS 10.13.3, currently in beta.
Microsoft confirms the impact of the update on performance. No additional information about the expected behavior is available, so it is recommended to take extreme precautions in the process.