Enable Retpoline on Windows 10 1809 and Server right now

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Microsoft has tested Retpoline, a new mitigation method against Spectre variant 2 by Google, on Windows 10 Insider Builds for some time now. The company brought Retpoline to Windows 10 version 1809 by including it in the March 1 cumulative update KB4482887 for the version of Windows 10.

Tip: use the free InSpectre program for Windows check the vulnerability status.

Retpoline promises improved performance compared to the previous mitigation method used by Microsoft in its operating systems. Microsoft monitored the performance of Windows 10 systems and determined that Retpoline improved the launch time of Office applications by about 25% among other benefits.


When all relevant kernel-mode binaries are compiled with retpoline, we’ve measured ~25% speedup in Office app launch times and up to 1.5-2x improved throughput in the Diskspd (storage) and NTttcp (networking) benchmarks on Broadwell CPUs in our lab



Retpoline is not enabled by default on production devices even though it is included in the March 1 update. Microsoft plans to roll out the mitigation over the course of the coming months.

Administrators who don't want to wait can enable Retpoline right away provided that the devices run Windows 10 version 1809 and have the latest cumulative update installed.

Microsoft employee Mehmet Iyigun describes the process on the Tech Community site. Note that it is recommended that you back up the system and data before you apply the change.


Windows 10 Clients

regpoline windows 10


Note: Microsoft did not enclose the Registry key path with "". If you copy paste Microsoft's command you will receive an error.
  1. Open an elevated command prompt, e.g. by opening Start, typing cmd.exe, right-clicking on the result, and selecting run as administrator.
  2. Run the following two commands:
    1. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x400
      1. When prompted to overwrite the existing value, select Y for yes.
    2. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x400
      1. When prompted to overwrite the existing value, select Y for yes.
  3. Restart the PC.
Alternative: use the following Registry file to make the change with a double-click on it: Regpoline Windows 10 Client

registry edited


Windows 10 Server
  1. Open an elevated command prompt.
  2. Run the following two commands:
    1. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x400
    2. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x401
  3. Restart the PC.
And here is the Registry file for Windows 10 Server versions: Windows 10 Server Regpoline
Note that you can make the changes in the Registry editor directly as well if you prefer to do so.


Verification

retpoline


You may use the Get-SpeculationControlSettings PowerShell cmdlet to verify the status of Retpoline. BTIKernelRetpolineEnabled and BTIKernelImportOptimizationEnabled should be returned as True in the output.

Microsoft notes that Skylake and newer generations of Intel processors are not compatible with Retpoline; these will only return BTIKernelImportOptimizationEnabled as enabled when the command is run.

Source: Enable Retpoline on Windows 10 1809 and Server right now - gHacks Tech News
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Had subtle mouse lag which I didn't attribute to this KB at first. First time I ever uninstalled a Windows update but full mouse performance is back. Winver is down to 17763.107 from the uninstall. May evaluate and reinstall from catalog if the fix is not issued until April--which is when the new OS is supposedly coming out. Hmmm. :unsure:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top