I've experienced this lately with a variety of Amazon Windows images. For example, I will boot a 2016 image from this year vs. one from last year, and last year's will be significantly faster on the same hardware.
It's possible. I didn't run any numbers or look at patch levels. It just went from running AD FS flawlessly on one to being barely usable over RDP on the other. Now I'm interested and might have to dig up which AMIs I've been through.
https://en.wikipedia.org/wiki/Spectre_(security_vulnerabilit...