Microsoft has released a June 2019 UEFI firmware update with security fixes for its Surface models (Surface Laptop 1 and 2, Surface Pro 4 and Surface Book 1 and 2).
The updates are available on devices running Windows 10 version 1803 and later. Here is an overview of firmware updates for each device type that address potential security vulnerabilities, including Microsoft Security Advisory ADV190013 (Microarchitectural Data Sampling vulnerabilities):
- CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
Depending on the device, they receive different firmware versions
- Surface Laptop 1 und 2: Surface UEFI – Firmware 137.2706.768.0
- Surface Book: Surface UEFI – Firmware 91.2706.768.0
- Surface Book 2: Surface UEFI – Firmware 389.2706.768.0
- Surface Pro 4: Surface UEFI – Firmware 108.2706.768.0
To get the update, go to Update & Security -> Windows Update in the Settings app of Windows 10 and click the Check for Updates button. (via)
Bowman has notified me with the Tweet below with some hints, what else the firmware contains.
SP5(2017) and SP6 also got firmware updates. @Surface is ridiculously slow in publishing timely documentation, but I “understand” that in addition to security fixes, the new firmware FINALLY supports battery limit functionality in UEFI, altho not yet documented.
— Barb Bowman 🌷 (@barbbowman) 29. Juni 2019