Microsoft said fixes for security flaws present in most processors may significantly slow down certain servers and dent the performance of some personal computers, the software maker’s first assessment of a global problem that Intel Corp. initially downplayed.
Microsoft’s statement suggests slowdowns could be more substantial than Intel previously indicated. While Intel Chief Executive Officer Brian Krzanich on Monday said the problem may be more pervasive than first thought, he didn’t discuss the degree of impact — only that some machines would be more affected than others.
Microsoft cautioned in a blog post that servers, the computers that underpin corporate networks, used for certain tasks may show “more significant impact.” Not all servers will be affected, it said. Microsoft, which didn’t provide specific numbers, said it is testing a variety of systems and will update users on what it finds.
PCs running Windows 10 and sold since 2016 will face slowdowns of less than 10 percent, which Microsoft said will probably not be noticeable to users. Customers with older Windows 10 PCs will notice some slowness because those machines contain older chips. Machines running Windows 7 and Windows 8 from 2015 or earlier will be the most affected with users noticing a decrease in system performance, Microsoft said.
On Jan. 3, Intel confirmed its chips contain a long-standing feature that makes them vulnerable to hacking. There are two main flaws, dubbed Meltdown and Spectre, and one or both are present in almost all of the billions of processors that run personal computers, servers and phones and could give attackers unauthorized access to data. The world’s largest technology companies are releasing software updates to patch these security holes, and there’s been intense debate about how much this will affect performance.
The increasingly dire assessments of the problem mean some customers will have to accept worsening computer performance in the name of security, forcing them to add more servers to get back to where they were before applying the security updates. It also shows the challenge of patching such widespread hardware flaws.
Intel has more than 99 percent market share in servers, and its chips are in more than 90 percent of laptops and 88 percent of desktops sold.
Krzanich said late Monday that patches from companies like Microsoft may slow computers. Previously, Intel had played down such concerns, saying tests showed minimal or no impact on performance, although certain unusual workloads may be slowed by as much as 30 percent.
In a statement on Tuesday, Intel maintained its stance that most typical PC users won’t see a “significant” impact. Based on tests of PCs using the latest components, slowdowns will be 6 percent or less, it said, while noting that results ranged from 14 percent to 2 percent.
It conceded that, for servers, the whole picture is not yet clear and said that slowdowns will vary according to the technique used to protect machines.
“We still have work to do to build a complete picture of the impact on data center systems,” Intel said. ” In some cases, there are multiple mitigation options available, each with different performance implications and implementation specifics.”
Microsoft is offering more data about the impact so its corporate customers can decide whether it is worth it to apply the security fixes. In certain cases, where servers aren’t at risk from data theft, companies may decide speed is more important than security.
“We’re also committed to being as transparent and factual as possible to help our customers make the best possible decisions for their devices and the systems that run organizations around the world,” Windows chief Terry Myerson wrote in the blog.
Microsoft Corp. temporarily suspended some updates to Windows operating systems for PCs with chips from Advanced Micro Devices Inc. after users who were installing the patches had trouble turning their machines on, or had computers freeze.
The greatest noticeable impact will be on the server computers that underpin corporate data centers and systems in cases where customers store their data in house, Microsoft said. In that area, even small deficits in performance can be magnified because those machines handle a large volume of actions that require talking to the impacted part of the chips.
Microsoft has said most customers of its Azure cloud-computing service will see no noticeable impact. The company has updated its cloud systems to work around the flaw by taking such steps as isolating cloud servers dedicated to one client from those storing the data of other clients. The fixes don’t work in all cases, and the other remedies Microsoft is offering may indeed hurt performance.
If existing systems slow, customers may need to purchase more servers just to get back to where they were before patches were applied, an extra cost that is likely to further arouse the ire of Intel customers.