Breaking
BreakingAl JazeeraUK Court Jails Palestinian Action Activists on Terrorism Charges· a minute agoBreakingAl JazeeraPutin Acknowledges Ukrainian Attacks Affecting Russian Economy and Society· a minute agoBreakingScreenRantUniversal Developing Jurassic World Rebirth Sequel, Writer David Koepp Provides Update· 9 minutes agoBreakingIndieWireSteven Conrad Reflects on 'DTF St. Louis' Success and Audience Connection· 9 minutes agoBreakingDeadline HollywoodRonnie Schell, 'Gomer Pyle: USMC' Actor, Dies at 94· 9 minutes agoBreakingReddit r/worldnewsUAE Reportedly Pays Iran $3 Billion, Agrees to Release More Funds to Halt Attacks· 15 minutes agoBreakingNDTV WorldFord Recalls Over 255,000 Focus Cars Due to Engine Stall Risk· 21 minutes agoBreakingDecrypt CryptoAI Agents Remain Vulnerable to Prompt Injection Attacks, Study Finds· 25 minutes agoBreakingFrance 24British Prime Minister Faces Political Challenge After Defense Resignations· 25 minutes agoBreakingABC News AustraliaBritish Defence Secretary Resigns Over Spending Shortfalls Amid Nuclear Concerns· 30 minutes agoBreakingAl JazeeraUK Court Jails Palestinian Action Activists on Terrorism Charges· a minute agoBreakingAl JazeeraPutin Acknowledges Ukrainian Attacks Affecting Russian Economy and Society· a minute agoBreakingScreenRantUniversal Developing Jurassic World Rebirth Sequel, Writer David Koepp Provides Update· 9 minutes agoBreakingIndieWireSteven Conrad Reflects on 'DTF St. Louis' Success and Audience Connection· 9 minutes agoBreakingDeadline HollywoodRonnie Schell, 'Gomer Pyle: USMC' Actor, Dies at 94· 9 minutes agoBreakingReddit r/worldnewsUAE Reportedly Pays Iran $3 Billion, Agrees to Release More Funds to Halt Attacks· 15 minutes agoBreakingNDTV WorldFord Recalls Over 255,000 Focus Cars Due to Engine Stall Risk· 21 minutes agoBreakingDecrypt CryptoAI Agents Remain Vulnerable to Prompt Injection Attacks, Study Finds· 25 minutes agoBreakingFrance 24British Prime Minister Faces Political Challenge After Defense Resignations· 25 minutes agoBreakingABC News AustraliaBritish Defence Secretary Resigns Over Spending Shortfalls Amid Nuclear Concerns· 30 minutes ago
Fainaron logoFainaron
Home/Technology
Technology
Source: Slashdot

Microsoft Patches Surface Firmware Flaw That Could Brick Devices

Microsoft has been quietly patching a firmware flaw in its Surface devices that allowed hardware to be rendered inoperable, or "bricked," by a single data packet. This vulnerability primarily affected devices where Secure Core and Secure Boot features were disabled. The flaw was inadvertently identified by Australian security researcher Jack Darcy using Microsoft's Copilot AI software, which generated a Python script that overwrote the embedded controller firmware. Microsoft has released updates for most impacted devices and is transitioning the Surface stack to a more secure architecture based on Rust code.

By Fainaron·Jun 12, 2026 (an hour ago)·1 views
Microsoft Patches Surface Firmware Flaw That Could Brick Devices

Microsoft has addressed a firmware flaw in its Surface devices that, under specific conditions, allowed the hardware to be bricked with a single packet. This vulnerability affected devices where Secure Core and Secure Boot security features had been disabled.

The issue was discovered by security researcher Jack Darcy in Australia. His instance of Microsoft Copilot, when asked to adjust screen backlighting on a Surface device, inadvertently generated a Python script. This script then rendered the researcher's laptop inoperable by overwriting the embedded controller firmware, sending raw SSAM ioctl commands directly to the SAM microcontroller.

Microsoft confirmed that an investigation found a deprecated UEFI interface could trigger a boot loop on some devices. To exploit this, a user would need administrator privileges and the Secure Boot feature disabled. The company has released updates to address this issue for most affected devices.

Managed devices are not considered at risk. However, individuals using Linux, Windows users who have disabled Secure Core and Secure Boot (e.g., for gaming), those using custom Windows drivers, or users with USB boot enabled, may still be vulnerable if their systems have not yet received the necessary updates.

The flaw appears to affect a range of Surface models, including Surface Laptops 3-6 and Surface Book 1-3, but not Surface Go models. ARM variants were not tested for this vulnerability.

In response to security concerns and for future reliability, Microsoft plans to shift the Surface stack to a more secure architecture. This new foundation will be based on Rust code, with initiatives like Secure EC for embedded controller firmware and Project Patina for rewriting the UEFI DXE Core. Microsoft is also developing Windows Drivers in Rust (WDR) to enhance security and reliability across its hardware ecosystem.

According to Slashdot, these efforts are open-source, promoting transparency as a key security principle for Microsoft.

Advertisement

AdSense slot • inline

#microsoft#surface#firmware#security#vulnerability#copilot#rust#secure boot
Source attribution: This article was AI-curated and rewritten by Fainaron from a piece originally published by Slashdot. Read the original at Slashdot →

More like this

Tony-Nominated Alex Brightman Stars in 'There Are No Ghosts at the Grand,' Game Wins Tribeca Award
Technology
6 minutes ago

Tony-Nominated Alex Brightman Stars in 'There Are No Ghosts at the Grand,' Game Wins Tribeca Award

Broadway actor and singer Alex Brightman has been announced as the voice of Chris, the lead character in the upcoming game "There Are No Ghosts at the Grand." Brightman, a two-time Tony nominee, is known for his roles in "School of Rock" and "Beetlejuice." This announcement follows the game's recent win of the top prize at the 25th anniversary Tribeca Games Festival in New York City. Developed by British studio Friday Sundae, the "musical Lovecraftian renovation" game emphasizes a collaborative and improvisational development process.

IGN
Anthropic and OpenAI Engaged in "Bitter Battle" for AI's Future
Technology
6 minutes ago

Anthropic and OpenAI Engaged in "Bitter Battle" for AI's Future

A significant rivalry is unfolding in the artificial intelligence sector, described as a "bitter battle" between leading AI companies Anthropic and OpenAI. This intense competition is centered on the future direction and development of artificial intelligence technology. The two entities are key players in the evolving landscape of AI.

Yahoo Finance
DJI and Insta360 Engaged in Patent Battle Over Vlogging Cameras
Technology
9 minutes ago

DJI and Insta360 Engaged in Patent Battle Over Vlogging Cameras

Leading camera manufacturers DJI and Insta360 are currently involved in a legal dispute. Both companies have filed lawsuits and counter-lawsuits against each other concerning their respective vlogging camera technologies.

Engadget
FromSoftware Director Reassures Fans Amid Shareholder Pressure, Teases Unannounced Titles
Technology
9 minutes ago

FromSoftware Director Reassures Fans Amid Shareholder Pressure, Teases Unannounced Titles

Hidetaka Miyazaki, creator of Dark Souls and Elden Ring, has assured fans that FromSoftware maintains creative freedom despite increased shareholder presence by activist investor Oasis Management Company in parent company Kadokawa. Miyazaki stated the studio can "freely make the kind of games we want to make without excessive interference." Oasis, which now holds the largest stake in Kadokawa, has raised concerns about the valuation of FromSoftware's contributions and has called for changes in leadership.

IGN

By the numbers

Fainaron — live counters

Updated every 30 seconds. Automatically — no human edits.

Total Articles

0

Visitors Today

0

This Month

0

Lifetime Visitors

0

Article Views

0

Pageviews Today

0

Pageviews Lifetime

0

Last 30 Days

0

as of 6/12/2026, 7:52:47 PM