Microsoft to roll out new patches for Spectre security flaw based on Google's Reptoline fix

Microsoft goes with Google after its own Spectre mitigations caused big performance hits

Microsoft is to roll-out new fixes for the Spectre CPU security flaw by adopting Google's Reptoline fix.

The decision comes more than a year after the security flaw was first publicised and after Microsoft's own operating system-level fixes caused performance hits of up to 30 per cent, depending on the workload.

Google's Reptoline mitigation for Spectre, in contrast, barely affects performance. Although Google proposed it as a universal fix at the time, Microsoft developed its own mitigations for Windows 7, 8, 8.1 and 10 instead. These, though, proved to be clunkier. Now, Microsoft appears to have conceded defeat and will use Google's Reptoline in future editions of Windows 10.

Although it was technically possible for Microsoft to have done this a lot sooner. In fact, the framework was all ready to go in Build 1809, it was decided to do some more refinement work on integrating it first.

Early Insider versions of Windows 10 19H1, due out in the next few weeks, will apparently have Retpoline enabled by default and will reduce Spectre mitigation to background noise, confirmed by Mehmet Iyigun of the Windows Kernel team in response to a query from a user.

Spectre was first publicised in January 2018, along with Meltdown, although earlier reports in The Register had hinted at the CPU-level security flaws. Indeed, it transpired that the flaws had been known about in 2017, but that fixes had not been forthcoming.