Spectre CVE-2017-5715 Meltdown CVE-2017-5754. Install Windows Server Patch

Play for me that post

Background

Spectre CVE-2017-5715 Meltdown CVE-2017-5754. Install Windows Server Patch

Finally on 4th of January 2018 Microsoft released patch for processors vulnerabilities. If you’re not sure what is background of that security issue check my last two posts:

  • Vulnerabilities summary for Spectre CVE-2017-5715 Meltdown CVE-2017-5754 – LINK
  • How to check with Powershell if your system is affected – LINK

In this article I will check once again vulnerability Spectre CVE-2017-5715 Meltdown CVE-2017-5754. Install Windows Server Patch will be performed to check effect and do performance test after that. Let’s see what will happen on Microsoft Windows 2016 with related path.

Information

After check system vulnerability with Powershell module, in PS window additional information was shown. There was also the LINK  Microsoft posted there solution to prevent security problem with processors. There is also table with available KB which should be installed:

Operating system version Update KB
Windows Server, version 1709 (Server Core Installation) 4056892
Windows Server 2016 4056890
Windows Server 2012 R2 4056898
Windows Server 2012 Not available
Windows Server 2008 R2 4056897
Windows Server 2008 Not available

In my case 4056890 KB is needed for Windows Server 2016. KB will be downloaded automatically on second Tuesday of Month. If we need to download it on demand just go to Update Catalog search for KB4056890 and choose correct patch version. Amount data to download is 1,2 GB.

Install Windows Server Patch for Spectre CVE-2017-5715 Meltdown CVE-2017-5754
Install Windows Server Patch for Spectre CVE-2017-5715 Meltdown CVE-2017-5754

Before and after patch installation I will do 3 things:

  1. Check vulnerability with Powershell,
  2. Test performance using PassMark Software,
  3. Test performance with SunSpider.

It should be great stuff to compare results.

Comparison before and after patch installation

Powershell vulnerability check BEFORE:

Powershell vulnerability check AFTER:

PassMark performance check BEFORE:

PassMark performance check AFTER:

SunSpider performance check before and after:

Conclusion

  1. Patch installation changed security values and Powershell check result is better after patch implementation,
  2. PassMark shown 2686 points before and 2207 after patch implementation. It’s around 18% less,
  3. SunSpider shown 150,5 ms before and 190,9 after patch implementation. It’s around 27% slower.

Unfortunately, values are not the best but also not that worse that I can expect. Internet said even about 60% difference in some cases. I have 18% and 27% change to worse. Is that a lot? For my virtual environment where I’m performing only tests – not really because I don’t even need that patch. But for real infrastructures? Think about yours environments and ask yourself…

Leave a reply:

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.