Microsoft has released new firmware updates for some its Surface devices, including the Surface Pro 4, Book, Book 2, Laptop, and Laptop 2. The updates are available on devices running Windows 10 version 1803, or the April 2018 Update, and later.
The updates bring the Surface firmware to different versions depending on your device, but they all contain the same security fixes. The Surface Pro 4 gets version 108.2706.768.0, the Surface Book gets 91.2706.768.0, Surface Book 2 gets 389.2706.768.0, and both Surface Laptop models get 137.2706.768.0.
The security vulnerabilities addressed in this update are listed in the Microsoft security advisory 190013, which have to do with Microarchitectural Data Sampling. Specifically, it includes the following vulnerabilities:
- CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
In certain situations, these vulnerabilities could allow attackers to access privileged information that would otherwise be off-limits.
Microsoft warns that these vulnerabilities can affect other operating systems and vendors too, so you may want to see if your computer's manufacturer has issued any updates for this purpose. Google included similar fixes in its latest update to Chrome OS.