Even more mitigations included in Surface updates

Feb 21, 2018 06:08 GMT  ·  By

Microsoft has just shipped a new firmware update for Surface Pro 3, and the focus appears to be on addressing the Meltdown and Spectre hardware vulnerability disclosed in early January.

The company says in the official changelog that this new firmware version comes with Surface UEFI 3.11.2350.0, which “resolves potential security vulnerabilities, including Microsoft security advisory 180002.”

The security advisory that Microsoft’s pointing to refers to Meltdown and Spectre and it was published in January when it rolled out emergency patches for the two flaws aimed at Windows users. The bulletin has received several updates since then, as Microsoft continues work on Meltdown and Spectre mitigations in order to keep users protected.

New Spectre Variant 2 patches?

Surprisingly, however, the software giant hasn’t updated the Surface Pro 3 update history page with information on the new firmware, and a post on TechNet indicates that users can download it from the Surface Pro 3 Drivers and Firmware page. Oddly enough, the most recent update posted here is version 1.0 dated January 24, 2018, so no sign of the February release just yet.

Also, the linked Meltdown and Spectre bulletin doesn’t seem to include any information regarding a Surface Pro 3 update, and the latest changes were made on February 13 when Microsoft released new cumulative updates for Windows 10 with more mitigations for the two chip flaws.

The firm hasn’t provided any specifics as to what’s included in this new security update. Intel has recently published revised patches for Spectre Variant 2 on Skylake chipsets, but the Surface Pro 3 comes with Haswell, which hasn’t yet received any new security updates for this particular vulnerability.

We have reached out to Microsoft to ask for more information on this new firmware update for the Surface Pro 3 and will update the article if an answer is provided.