Surface models get firmware update to block exploits

Jan 5, 2018 05:34 GMT  ·  By

Microsoft has just released firmware updates for its Surface device lineup in order to address the Meltdown and Spectre vulnerabilities discovered in Intel, AMD, and ARM hardware.

While the company has already shipped updates for Windows 10, Windows 8.1, and Windows 7 in order to prevent systems from being attacked, Microsoft is now pushing dedicated firmware updates for Surface models to make sure none of its devices are exposed, though the company admits in a support document that it’s not aware of any attacks happening right now.

“Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time,” Microsoft explained in the advisory.

“Microsoft continues to work closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and in some cases updates to AV software as well.”

Surface Hub already protected

UEFI updates are shipped to Microsoft Surface Pro 4, Surface Pro 4, Surface Book (original model and second generation), Surface Pro (both standard and with LTE), Surface Laptop, and Surface Studio. The updates are available only if Windows 10 Creators Update (version 1703) or Windows 10 Fall Creators Update (version 1709) is installed.

What’s important to know is that Microsoft is rolling these updates via Windows Update in stages, so not all devices might get it at first, though it shouldn’t take too long before this happens. Download links are also posted on the Microsoft Download Center, yet the company recommends to double-check before downloading to make sure you are getting the correct and the most recent firmware version.

As for the Surface Hub, Microsoft says it already comes with defense-in-depth strategies and the device is secure against the Meltdown and Spectre vulnerabilities.

“Because of this, we believe exploits using this vulnerability are significantly reduced on Surface Hub. We care deeply about ensuring that Surface Hub is reliable and secure. We will continue to monitor and update Surface Hub as needed to address this vulnerability,” the firm says.

If you’re looking for ways to patch your system, check out our complete guide on how to stay protected against Meltdown and Spectre vulnerabilities on Windows.