Microsoft rolls out firmware updates to its Surface Pro on a near-monthly basis, and some are bigger than others. March's improvements are more important than most, mitigating a security flaw and improving battery reliability.
Though many will be tempted to skip security updates, this is an essential one. The update addresses three execution side-channel vulnerabilities, also known as Meltdown and Spectre.
The bug occurs due to a CPU shortcut called speculative execution. Essentially, the processor sends a scout ahead of its tasks to guess which path it will take next. This lets the CPU perform more quickly, bit comes with recently discovered risks.
Google's Project Zero found a way to exploit this process and piggyback off the scout. By following its path, hackers can discover the information it collects, including keypresses and personal data.
Surface Pro Firmware Update Notes
To solve this issue and improve battery life, Microsoft is rolling out the following changes:
- “Surface Pro LTE Advanced:
- Surface System Aggregator Firmware – Firmware: 234.2110.770.0 resolves potential security vulnerabilities, including Microsoft security advisory 180002.
- Surface System Aggregator Firmware – Firmware: 234.2110.1.0 improves battery reliability.
- Surface Pro:
Surface UEFI – Firmware: 233.2110.770.0 resolves potential security vulnerabilities, including Microsoft security advisory 180002.
Surface System Aggregator Firmware – Firmware: 233.2111.256.0 improves battery reliability.”
These should be paired with updates to your browser and other software to ensure your computer is safe. The main method of attack is through the browser, so make sure you have the latest version of Edge.
You can read the full patch notes on the Microsoft site and find more about the security risk here.