Since January 2018, the Surface team has been publishing firmware updates for a new class of hardware vulnerabilities that involve speculative execution side channels. The Surface team has not received any information to indicate that these vulnerabilities have been used to attack customers currently, and the team continues to work closely with the Windows team and industry partners to protect customers. To get all available protection, both firmware and Windows system updates are required.
Surface hub has implemented defense-in-depth strategies. For more information, see the following topic on the Windows IT Pro Center website:
Because of this, we believe that exploits that use these vulnerabilities are significantly reduced on Surface Hub.
The Surface team is focused on making sure that our users have a secure and reliable experience. We will continue to monitor and update devices as required to address these vulnerabilities and keep the devices reliable and secure.