Security issue for Trusted Platform Module (TPM) on Surface devices

This article discusses the effect of the following security issue on Microsoft Surface devices:

Vulnerability in TPM could allow Security Feature Bypass

Microsoft has released firmware updates for the following products:

• Surface Pro 3: Microsoft Surface Pro 3 TPM Update Tool released June 8
• Surface Pro 4: Update released November 27
• Surface Studio: Update released December 7
• Surface Book: Update released January 10

Note Surface Hub was previously listed as an affected device. Additional investigation has determined that, in all known cases, Surface Hub isn't affected by this vulnerability. Therefore, Microsoft won't be releasing a firmware update for this device.

Microsoft cares deeply about making sure that your devices are reliable and secure. We’ve spent additional time in creating these updates to minimize interruptions and downtime for users and organizations.

The following devices aren't affected by this vulnerability

• Surface 3
• Surface Laptop
• Surface Pro Model 1796
• Surface Pro with LTE Advanced Model 1807
• Surface Book 2
• Surface Hub

For more information, see the following websites:

• Infineon TPM update
• NIST National Vulnerability Database topic CVE-2017-15361
• Updates for Surface Pro 4 and Surface Studio (07 December 2017)
• Install and use the Surface Pro 3 Trusted Platform Module (TPM) update tool

Note The third-party websites that this article discusses are hosted by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about these websites.