Surfaces get firmware updates with security fixes

Microsoft has released a June 2019 UEFI firmware update with security fixes for its Surface models (Surface Laptop 1 and 2, Surface Pro 4 and Surface Book 1 and 2).


The updates are available on devices running Windows 10 version 1803 and later. Here is an overview of firmware updates for each device type that address potential security vulnerabilities, including Microsoft Security Advisory  ADV190013 (Microarchitectural Data Sampling vulnerabilities):

  • CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Depending on the device, they receive different firmware versions

  • Surface Laptop 1 und 2: Surface UEFI – Firmware 137.2706.768.0
  • Surface Book: Surface UEFI – Firmware 91.2706.768.0
  • Surface Book 2: Surface UEFI – Firmware 389.2706.768.0
  • Surface Pro 4: Surface UEFI – Firmware 108.2706.768.0

To get the update, go to Update & Security -> Windows Update in the Settings app of Windows 10 and click the Check for Updates button. (via)

Bowman has notified me with the Tweet below with some hints, what else the firmware contains.



This entry was posted in devices, Security, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *