Microsoft says security patches slowing down PCs and servers

SAN FRANCISCO: Microsoft Corp said on Tuesday that software patches released to guard against microchip security threats slowed down some personal computers and servers, with systems running on older Intel Corp processors seeing a noticeable decrease in performance.
The comments in a blog post were the clearest signal from Microsoft that fixes for flaws in microchips from Intel and rivals described last week could meaningfully degrade performance.
The topic is of keen interest to large data centre operators, which could incur significant cost increases if computers slow down.
Microsoft also said that security updates froze some computers using chipsets from Intel rival AMD, dragging AMD’s shares down nearly 4 per cent.
Shares in Intel, which reiterated on Tuesday that it saw no sign of significant slowdown in computers, fell 2.5 per cent taking the loss since the issue surfaced last week to about 7 per cent or around $15 billion in market value.
AMD shares have gained nearly 20 per cent in the last week as investors speculated that the chipmaker could wrest market share from Intel, whose chips were most exposed to the security flaws.
Security researchers disclosed the flaws on January 3 that affected nearly every modern computing device containing chips from Intel, AMD and ARM Holdings, owned by Japan’s SoftBank Group Corp.
“We (and others in the industry) had learned of this vulnerability under nondisclosure agreement several months ago and immediately began developing engineering mitigations and updating our cloud infrastructure,” Microsoft executive Terry Myerson wrote in a blog post on Tuesday.
Internet and networking equipment maker Cisco Systems Inc said in a security advisory updated on Tuesday that it has identified 18 vulnerable products, including some of its blade servers, rack servers and routers, and expects to have patches for servers in about five weeks, on February 18.
Cisco said it is also looking for problems in nearly 30 other products, including switches and routers.
The majority of Cisco’s products were not vulnerable because they are “closed systems that do not allow customers to run custom code on the device,” it said.
The memory corruption flaws, named Meltdown and Spectre, could allow hackers to bypass operating systems and other security software to steal passwords or encryption keys on most types of computers, phones and cloud-based servers.
ARM Holdings estimated that around 5 per cent of more than 120 billion chips its partners have shipped since 1991 was impacted by Spectre.
It said the number of chips affected by Meltdown was significantly less.
“ARM will address Spectre in future processors but there will need to be an ongoing discipline in the design of secure systems which needs to be addressed through both software and hardware,” a company spokesman said in an e-mailed statement.— Reuters