Patching Windows for Spectre and Meltdown: A complete guide

With newly disclosed Spectre and Meltdown variants, it’s time to review the risk they present to your Windows systems and the steps needed to patch them.

  • Slowdowns for Windows 10 on 2016-era PCs with Skylake, Kaby Lake or newer CPUs are in the single-digit percentages, not enough of a change for most users to notice, according to Microsoft.
  • With Windows 10 on 2015-era PCs with Haswell or older CPUs, some benchmarks show more significant slowdowns, and Microsoft expects some users to notice a performance decrease.
  • With Windows 8 and Windows 7 on 2015-era PCs with Haswell or older CPUs, Microsoft expects most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any I/O-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance.

Spectre and Meltdown lesson: We need a better way to update firmware

The Spectre and Meltdown disclosures have showcased the need for a better process to deploy firmware updates remotely. It’s difficult with a remote workforce to reliably patch machines with firmware updates. Purchasing system hardware that allows remote access before the operating system boots (such as Dell’s iDRAC or HP’s iLO) ensures that you can get to the machine at a level beneath the booting operating system.

Many vendors now supply firmware in a package or ISO file that can be installed from a running Windows platform. The BIOS update is staged, and the patch is then installed as the system is rebooted. A system administrator should ensure that they have the ability to patch and reboot systems, and to service them in whatever deployment environment the business needs.

Copyright © 2018 IDG Communications, Inc.
