Author Topic: Windows 10 Spectre 2 Mitigation Now Uses Retpoline By Default  (Read 147 times)

Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35126
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
If you currently have mitigations enabled for the Spectre Variant 2 (CVE-2017-5715) vulnerability, Microsoft has now enabled the Retpoline Spectre mitigation feature by default in Windows 10 version 1809 (October 2018 Update) for better performance.

When Microsoft released mitigations for the Spectre vulnerabilities they caused a performance hit on older computers. To provide a better solution, Microsoft had been testing new mitigation called Retpoline in Windows 10 Insider builds that would protect the computer but without the negative side effect of decreased performance.

In March we reported that Microsoft had ported the Retpoline feature to Windows 10 version 1809, but it was not enabled by default. Instead, users had to manually enable Retpoline in order to take advantage of this new feature.

Microsoft announced today that if you currently have mitigations enabled for the Spectre Variant 2 (CVE-2017-5715) vulnerability, Retpoline will be enabled by default under the following conditions:

• Spectre, Variant 2 (CVE-2017-5715) mitigation is enabled.

   ○ For Client SKUs, Spectre Variant 2 mitigation is enabled by default

   ○ For Server SKUs, Spectre Variant 2 mitigation is disabled by default. To realize the benefits of
      Retpoline, IT Admins can enable it on servers following this guidance.

Quote
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True  

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: True

BTIKernelRetpolineEnabled                : True

BTIKernelImportOptimizationEnabled  : True

• Supported microcode/firmware updates are applied to the machine.

For those who did not enable these mitigations because you were concerned about the performance hit, you can now enable them by following the instructions in this Microsoft support article.

In related news, new MDS speculative execution vulnerabilities were disclosed today called ZombieLoad, RIDL, and Fallout.

source
« Last Edit: May 15, 2019, 11:51:47 AM by javajolt »