The Specter and Meltdown revelations shook the tech world and sent stock markets reeling. The flaws behind the two vulnerabilities are part of the design of modern microprocessors and require software patches. Unfortunately, these software patches will cause significant performance drops for specific workloads. The question is, do you need to download a patch?
The primary method of patch distribution for these two flaws is through manufacturers. Unfortunately, Intel had to pull its patch due to bugs. If you got a patch from your vendors, like HP or Dell, then you will need to install the patch from Microsoft immediately. Intel is pulling the patches due to buggy behavior, and Microsoft was quick to provide a fix for the fix.
If you downloaded the update from Windows Update directly, then you have nothing to worry. There is a second patch for a variant of Specter, but it is not an urgent fix and will come with your regular updates. Microsoft says there is no sign of any attacks using the new flaw:
“As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715 ) has been used to attack customers.” It continues to suggest that “Windows customers, when appropriate, reenable the mitigation against [Spectre variant 2] when Intel reports that this unpredictable system behavior has been resolved for your device.”
If you have not done any patching since the disclosure, you will need to download and patch for any computer made after 2011.