Customers who use Surface products have to apply both firmware and software updates to protect against speculative execution side-channel vulnerabilities. For more information about the security mitigation, see the following security advisory:
The Surface team is aware of a new publicly disclosed class of vulnerabilities known as “speculative execution side-channel attacks” that affect many modern processors and operating systems, including Intel, AMD, and ARM.
For additional information about Windows software updates, see the following Knowledge Base article:
4073119 Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues to work closely with industry partners, including chipmakers and application vendors, to protect customers. To get all available protections, hardware or firmware updates and software updates are required. This includes microcode and, in some cases, updates to AV software.
In addition to installing the January 3 Windows Operating System Security Updates, Surface has released UEFI updates via Windows Update and the Download Center for the following devices:
- Surface Book 2 - (Update history)
- Surface Laptop - (Update history)
- Surface Studio - (Update history)
- Surface Pro 4 - (Update history)
- Surface Book - (Update history)
- Surface Pro Model 1796 + LTE - This update is currently being validated.
These updates are available for devices running Windows 10 Creators Update (build 15063) and Windows 10 Fall Creators Update (build 16299).
Note: Surface Hub has implemented defense-in-depth strategies. For more information, go to the following topic on the Microsoft website:
Because of this, we believe that exploits that use these vulnerabilities are significantly reduced on Surface Hub. We will continue to monitor and update Surface Hub as required to address these vulnerabilities and keep the device reliable and secure.
The Surface team is focused on making sure that our users have a secure and reliable experience. We will continue to monitor and update devices as required to address these vulnerabilities.
Note: On Monday, January 22, Intel released a statement announcing that they have identified the root cause of the unexpected restart issues in Haswell and Broadwell processors, including the processors that are used in Surface Pro 3. In addition to this discovery, guidance was provided to OEMs stating that fixes that were developed by following the earlier understanding of the vulnerabilities could cause reduced system stability. According to the recommendation from Intel, development of the current Surface Pro 3 fix has been stopped and the preview files have been removed from Download Center access. A new fix is under development that follows updated guidance from Intel. The new fix will be announced when it is available.
If you have installed the preview version of the Surface Pro 3 driver and firmware updates, SurfacePro3_Win10_15063_1801002_1_Preview.msi, and you are experiencing increased instability, see KB4078130 for instructions about how to disable these fixes until updated versions become available.