"We’ve discussed Intel’s fixes for Meltdown and Spectre many times over the past few months. AMD’s overall exposure to these specific flaws is known to be lower, but the smaller CPU manufacturer has taken more time to deliver certain fixes than Intel has. Today, solutions for AMD CPUs are also starting to roll out, courtesy of Microsoft’s Patch Tuesday.
First, a bit of primer. Variant 1 and Variant 2 apply to Spectre; the Variant 3 attack is classified as Meltdown and did not impact AMD CPUs. AMD has previously distributed patches for Variant 1 via Microsoft, but Variant 2 required a heavier lift for both Intel and AMD.
The update, KB4093112, contains a number of security fixes. Here’s the section relevant to AMD.
Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context (See AMD Architecture Guidelines around Indirect Branch Control and AMD Security Updates for more details). Follow instructions outlined in KB4073119 for Windows Client (IT Pro) guidance to enable usage of IBPB within some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
This is a write only MSR that both GP faults when software reads it or if software tries to write any of the bits in 63:1. When bit zero is written, the processor guarantees that older indirect branches cannot influence predictions of indirect branches in the future. This applies to jmp indirects, call indirects and returns. As this restricts the processor from using all previous indirect branch information, it is intended to only be used by software when switching from one user context to another user context that requires protection, or from one guest to another guest.
Tech Report has done some quick spot checks on the performance impact of enabling these features and concluded the hit is less than 3 percent. AMD chips seem to be less impacted overall than Intel cores, though recent Intel chips took a relatively small hit in most workloads. The Variant 2 patch is available for motherboards dating back as far as the original Bulldozer in 2011; AMD has not stated if it will provide fixes for Phenom II or earlier cores. Like Intel, the company may have run into problems with motherboard manufacturer support.
As with Intel, just the Microsoft patch won’t fix this problem. You’ll also need a new UEFI or BIOS from your motherboard vendor. Keep an eye out for these updates; they’ll need to be applied for the patch to function. And the fun may just be starting — Spectre wasn’t one attack, or even two attacks. It represents an entire class of new attacks, all of which target the specific behavior of microprocessors to trick them into performing operations they shouldn’t. We could be cleaning up this mess for years to come."
Honestly I don't even see Spectre as a threat, and considering how long it went unexploited, hackers don't either, although I'm sure a few hackers in the CIA, MI5, and other intelligence agencies were not happy about this coming to light.
My laptop is an older rig, Lenovo X220 with an i5-2550m CPU which is sandy bridge
I keep my UEFI BIOS secure with a strong password and I also use bitlocker to protect my SSD etc
Sadly motherboards usually lack a TPM so using bitlocker is clumsy in the extreme
By securing my machine, windows 10 1803 more or less is reasonably secure against most known threats