With the cumulative update KB4494441 for Windows 10 version 1809 (updated October 2018) and Windows Server 2019, Microsoft has also automatically released Retpoline protection technology in clients. This compilation technology developed by Google is intended to protect against the attacks of Specter V2 (CVE-2017-571) – without the performance losses associated with the corresponding microcode updates by processor manufacturers.
This step had been foreseen for a longer time, because already by the end of 2018, Microsoft had announced the acquisition of Google's Retpoline technology in Windows 10 version 1903. Subsequently it was announced that a backport for Windows 10 V1809 would be made. In March 2019, the backward technique was indeed with the cumulative update KB4489899 for Windows 10 V1809 retrofitted. However, Microsoft has not yet enabled this protection. However, the administrators were able to activate Retpolines experimentally via a registry value. At the same time, Microsoft announced it would activate Retpoline later for Windows 10 version 1809 automatically.
The Windows 10 1809 cumulative update recently released with Retpoline Protection against Specter V2 brings massive performance losses, particularly to gamers.
This was done by the cumulative update KB4494441. However, the subtleties must be noted: With KB4494441 from May 2019, the log entries required for retrop activation are set automatically only in client versions. In server versions of the operating system, Retpoline remains disabled by default. Therefore the administrators still have the freedom of choice and can activate or deactivate the Retpoline protection through corresponding registry entries. Everything worth knowing, including the description of registry values, is available in Microsoft Document ADV180002.
In addition, Microsoft has added Techcommunity's contribution "Mitigating Specter variant 2 with Retpoline on Windows" for more information. In addition to indicating that Retpoline will be activated automatically only for clients, the machine must also support Specter V2 protection.
In addition, Microsoft has also updated post support 4073119. Here you will find an overview of all Microsoft security measures against speculative side channel attacks with links to support articles with the details required for activation or deactivation of the respective measures protective.
. (tagsToTranslate) Microsoft (t) Retpoline (t) Specter V2 (t) Windows (t) Windows 10