Since January 2018, the Surface team has been publishing firmware updates for a class of silicon-based issues that involve microarchitectural and speculative execution side-channel vulnerabilities. The Surface team continues to work closely with the Windows team and industry partners to protect customers. To get all available protection, both firmware and Windows system updates are required.
__
Vulnerabilities announced in June 2022
The Surface team is aware of new silicon-based microarchitectural and speculative execution side-channel attack variants that also affect Surface products. For more information about the vulnerabilities and mitigations, see the following security advisory:
__
Vulnerabilities announced in May 2019
The Surface team is aware of new speculative execution side-channel attack variants that also affect Surface products. Mitigation of those vulnerabilities requires an operating system update and a Surface UEFI update that includes new microcode. For more information about the vulnerabilities and mitigations, see the following security advisory:
Microsoft Security Advisory ADV190013This advisory includes the following vulnerabilities:
Surface 3 - July 11, 2019 update
Surface Pro 3 - July 11, 2019 update
Surface Pro 4 - June 27, 2019 update
Surface Book - June 27, 2019 update
Surface Studio - July 11, 2019 update
Surface Pro (5th Gen) - June 27, 2019 update
Surface Laptop - June 27, 2019 update
Surface Book 2 - June 27, 2019 update
Surface Pro 6 - June 27, 2019 update
Surface Laptop 2 - June 27, 2019 update
Surface Studio 2- July 31, 2019 update
Surface GO WiFi - July 23, 2019 update
Surface GO LTE - July 23, 2019 update
In addition to the new microcode, a new UEFI setting that is known as “Simultaneous Multi-Threading (SMT)” will be available when the UEFI update is installed. This setting allows a user to disable Hyper-Threading.Notes
If you decide to disable Hyper-Threading, we recommend that you use the new SMT UEFI setting.
Disabling SMT provides additional protection against these new vulnerabilities and the L1 Terminal Fault attack that was announced earlier. However, this method also affects the performance of the device.
Surface 3 and Surface Studio with Intel Core i5 do not have SMT. Therefore, those devices do not have this new setting.
The Microsoft Surface Enterprise Management Mode (SEMM) UEFI configurator tool version 2.43.139 or later supports the new SMT setting. The tools can be downloaded from this webpage. Download the following required tools:
__
Vulnerability announced in August 2018
The Surface team is aware of a new speculative execution side-channel attack called L1 Terminal Fault (L1TF) and assigned CVE-2018-3620 (OS and SMM) and CVE-2018-3646 (VMM). Affected Surface products are the same as in the “Vulnerabilities Announced in May 2018” section of this article. The microcode updates that mitigate the May 2018 findings also mitigate L1TF (CVE-2018-3646). For more information about the vulnerability and mitigations, see the following security advisory:
__
Vulnerabilities announced in May 2018
The Surface team has become aware of new speculative execution side-channel attack variants that also affect Surface products. Mitigation of those vulnerabilities requires UEFI updates that use new microcode. For more information about the vulnerabilities and mitigations, see the following security advisories:
__
Vulnerabilities announced in January 2018
The Surface team is aware of the publicly disclosed class of vulnerabilities that involve speculative execution side-channel (known as Spectre and Meltdown) that affect many modern processors and operating systems, including Intel, AMD, and ARM. For more information about the vulnerabilities and mitigations, see the following security advisory:
The Surface Hub operating system, Windows 10 Team, has implemented defense-in-depth strategies. Because of this, we believe that exploits that use these vulnerabilities are significantly reduced on Surface Hub when running Windows 10 Team operating system. For more information, see the following topic on the Windows IT Pro Center website: Differences between Surface Hub and Windows 10 Enterprise. The Surface team is focused on making sure that our users have a secure and reliable experience. We will continue to monitor and update devices as required to address these vulnerabilities and keep the devices reliable and secure.
__
Third-party information disclaimer
We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.