I don't know if everyone is aware but in order for the Windows patches to turn on there has to be a firmware update for your system. This will likely be a BIOS update as the BIOS updates CPU microcode on EVERY BOOT. No firmware update no protection.
There is far too much mis-information going on. This is not the case with Windows 10. What the software patch does putting it in simple terms is it puts it in software mode, so that a lot of the processing takes place in software rather than using the CPU. This in turn means there could be a loss of performance depending of course what tasks you are doing (though people have not seen much slow down).
Once the bios patch has been applied it goes back into hardware mode and there should not be any performance loss at all and everything should return to normal.
I would like to believe that but I don't because MS has produced a PS script to test your machine to see if it has been protected. Here is the results of my main machine.
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]
* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False
As you can see from the script for branch target injection the patch is not enabled due to no hardware support which means a BIOS update for me which on a 2008 motherboard is going to be unlikely.
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80/20 Meg Fibre
Current Sync: 79993/19661