Microsoft has reported performance issues with computers and servers resulting from security patches for vulnerabilities in hardware chips from Intel and AMD.
Patches for the memory corruption flaws known as Spectre and Meltdown were first released on Jan. 3. The bugs could allow hackers to bypass operating systems and other security software to steal passwords or encryption keys on most types of computers, phones and cloud-based servers.
But in a blog post Tuesday, a Microsoft executive said the fixes were having an impact on performance, notably that of systems running on older Intel processors.
With Windows 10 on 2015-era PCs, “some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance,” while with Windows 8 and Windows 7 on 2015-era PCs, “we expect most users to notice a decrease in system performance,” Terry Myerson, executive vice president of Microsoft’s Windows and Devices Group, wrote in a blog post.
“A new exploit like this requires our entire industry to work together to find the best possible solutions for our customers,” he said. “The security of the systems our customers depend upon and enjoy is a top priority for us.”
Separately, Microsoft also said security updates have made Windows systems on computers using chipsets from AMD unbootable. As a result, it has temporarily suspended sending updates for some older processors.
The comments in the blog post “were the clearest signal from Microsoft that fixes for flaws in microchips from Intel and rivals described last week could meaningfully degrade performance,” Reuters said. “The topic is of keen interest to large data-center operators, which could incur significant cost increases if computers slow down.”
Another chipmaker, ARM Holdings, has estimated that about 5% of more than 120 billion chips its partners have shipped since 1991 was impacted by Spectre.
But Computerworld columnist Wally Leonhard questioned the rush to release patches, noting that “there are no known exploits for Meltdown or Spectre in the wild” and the vulnerabilities are “nowhere near being active ground-level threats for the vast majority of Windows customers.”