This week, two new security CPU vulnerabilities have been all over the news. The new vulnerabilities, called Meltdown and Spectre, gives apps unauthorized read access to a computer’s kernel memory on chips from Intel, AMD, and ARM due to a flaw in the processor design. Most companies–including Microsoft–have already released patches for the vulnerabilities across all their products and cloud services.
Today, Microsoft is releasing a new UEFI update for its Surface line of devices to protect users against Meltdown and Spectre. The updates to the Surface UEFI are rolling out to users with the following Surface devices:
- Surface Pro 3
- Surface Pro 4
- Surface Book
- Surface Studio
- Surface Pro Model 1796
- Surface Laptop
- Surface Pro with LTE Advanced
- Surface Book 2
Microsoft mentions the danger posed by the vulnerabilities are “significantly reduced” on the Surface Hub, which comes with a different version of Windows (Windows 10 Team), but Redmond will continue to closely monitor to the Surface Hub and release patches if needed. “The Surface team is focused on ensuring our users have a secure and reliable experience and will continue to monitor and update devices as needed to address this vulnerability,” the company stated.
Microsoft continues to closely monitor all of its other products, Windows, and its cloud services, along with working with OEMs and chip makers to protect users against Meltdown and Spectre. “Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues to work closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers,” the software maker noted on a security support page.