Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Microsoft has released firmware updates for the newest Surface Pro models that address the Spectre and Meltdown vulnerabilities.
- Spectre and Meltdown continue to be a very real security threat. It's advised that Surface Pro owners update their devices immediately.
Microsoft's Spectre and Meltdown patch efforts continue, and the newest machines to receive critical updates are the latest models of the Surface Pro.
The specific models covered by the update are the Wi-Fi-only Surface Pro (model 1796) and the Surface Pro LTE Advanced (model 1807). Both models are receiving two updates, one that addresses Spectre and Meltdown and a second designed to improve battery life.
These updates are the latest in Microsoft's efforts to eliminate the major security issues posed by Spectre and Meltdown, vulnerabilities that affect every single modern computer powered by an Intel, ARM, or AMD processor. Previous patches have reached as far back as 32-bit versions of Windows 7, and firmware updates for specific machines continue to be released.
Spectre and Meltdown are a huge risk
Windows users can't afford to miss patches that address Spectre and Meltdown: Both flaws have the potential to lead to theft of personal data by an attacker reading information stored in the CPU's memory.
Compromising a computer vulnerable to Spectre and Meltdown could be as simple as visiting a website running a malicious script. With both operating system patches and firmware updates available to close security holes, finding yourself infected at this point is largely a matter of failing to follow good patching procedures.
SEE: IT leader's guide to reducing insider security threats (Tech Pro Research)
As of February 2018, over 130 Spectre and Meltdown malware variants have been found. Previous attacks have proven that patched vulnerabilities are still tempting targets to attackers, making the number of malware variants using Spectre and Meltdown almost certain to continue to grow.
Protecting your Surface Pro from Meltdown and Spectre
The Meltdown and Spectre Surface Pro firmware updates only affect two models of the device: 1796 and 1807. The easiest way to find out what model of Surface you have is to install the Surface app from Microsoft, or you can look on the bottom rear of your Surface for the serial number, which you can enter into Microsoft's Device Service and Repair website (Microsoft ID signing required).
Once you've verified you have one of the two affected Surface Pro models, updating its firmware is as simple as running Windows Update by launching the Settings app, clicking on Update & Security, and clicking Check For Updates.
The updates numbers in question, which will fix Spectre and Meltdown vulnerabilities as well as improving battery life, can be found at the first link in this article.
Microsoft reports that, along with improving battery life and device stability, the patches have no effect on performance.
- IT pro's guide to effective patch management (free PDF) (TechRepublic)
- Meltdown and Spectre: Is your PC vulnerable? (ZDNet)
- Massive Intel CPU flaw: Understanding the technical details of Meltdown and Spectre (TechRepublic)
- Linux performance before and after Meltdown and Spectre fixes (ZDNet)
- Spectre and Meltdown flaws being exploited by more than 100 strains of malware (TechRepublic)
Brandon Vigliarolo has nothing to disclose. He does not hold investments in the technology companies he covers.
Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.