Windows 10 (1709) June 12, 2018 Security Update (Speculative Store Bypass)

[valeman2012]

https://support.microsoft.com/en-us/help/4284819/windows-10-update-kb4284819

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

• 
  Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
  
  Includes additional performance improvements.
  
  Addresses an issue in Microsoft Edge that causes incorrect responses to XML requests.
  
  Adds support for the SameSite cookie web standard to Microsoft Edge and Internet Explorer.
  
  Addresses an issue with Internet Explorer that prevents it from using an updated version of location services.
  
  Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode
  when BitLocker is enabled, but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:
  
  Temporarily suspending BitLocker.
  Immediately installing firmware updates before the next OS startup.
  Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
  
  Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows shell, Windows storage and filesystems, Windows app platform and frameworks, Windows virtualization and kernel, Windows wireless networking, and Windows Server.

• 
  

Will this Windows 10 Update actually improve performance even if you enable the Store Bypass Security Protectiob?

 

[Eximo]

I'm not entirely sure of your question. Those fixes are more likely to have a performance impact. They are security changes, and they will be enabled if you install the update.

 

[valeman2012]

I'm not entirely sure of your question. Those fixes are more likely to have a performance impact. They are security changes, and they will be enabled if you install the update.

The Speculative Store Bypass Protection disabled by default as stated on the update i think.

 

[Eximo]

Ah. Still not sure about your question though. If you turn it on you will almost certainly lose performance, or outright stability.

Updating Windows is not about performance, those kind of improvements are usually targeted for major releases. You could update to 1803, though that depends a little on your environment. Not much reason not to if it is a personal computer.

 

[valeman2012]

Ah. Still not sure about your question though. If you turn it on you will almost certainly lose performance, or outright stability.

Updating Windows is not about performance, those kind of improvements are usually targeted for major releases. You could update to 1803, though that depends a little on your environment. Not much reason not to if it is a personal computer.

No Chance i upgrading the Unstable version 1803, this version is troublesome...from SSD boot issues to normal boot issues to blue screen...I know they been 100% forcing to install that version, but i disable the windows services/hid that update.

I will stick with 1709 until the next Creators Update. (After Version 1083 - assuming is stable)

__
Are you going update and enable the Speculative Security protection from the updates?

 

[Eximo]

Probably not at home. My gaming machine contains no personal information, so worst case they could boost the password for my gaming clients. My HTPC is already running 1803 with zero issues. And my laptop is running 8.1 until I get around to installing Windows 10 manually, though I have no real need to upgrade it. Just use it to run a Windows XP VM for my old equipment.

 

[valeman2012]

Probably not at home. My gaming machine contains no personal information, so worst case they could boost the password for my gaming clients. My HTPC is already running 1803 with zero issues. And my laptop is running 8.1 until I get around to installing Windows 10 manually, though I have no real need to upgrade it. Just use it to run a Windows XP VM for my old equipment.

No Known Attacks..
I mean hackers can simply use those security threats to hack your personal information. You can be buying something for $5 on a official retailer site end up losing lot of money, cause of those side channels attacks.

 

[Eximo]

I don't think no known attacks is right, pretty sure they are known and do work against even the latest Windows, really a hardware issue.

I'm not too concerned about that honestly. I don't own a credit card (I think they are the most corrupt aspect of our society), so they aren't likely to be able to do anything worse than steal what is on my debit card, which I can dispute. Multi-factor authentication is still pretty hard to get through. Plenty of ways to steal my identity without resorting to what is on my PC as well. Taking out loans in my name, etc, would be worst case, and I could potentially fight that.

My mother's identity has been stolen twice and the IRS kept pestering her for taxes owed on jobs she never had. Took a while, but it was eventually sorted. Luckily no loans, etc. They just used it to get jobs.

I should be more worried about the software on my smart phone really. I have no idea what is on that thing. And also vulnerable to side channel attacks as I understand it.

 

[valeman2012]

Yea i going update to latest Build of Windows 10 (Ver 1709) and not enable the store bypass protection. This Spectre Security flaw has larger performance impact than the 1st one.

I assume once fully patched security threats side channels flaws...my performance of my processor will match the previous generation. i5 7600 (security patched fully) becomes a 5 6600 (unpatched)