Microsoft Surface Flaw Allowed Unprotected Devices To Be Bricked By a Single Packet 21
Longtime Slashdot reader Dotnaught shares a report from The Register: For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the hardware to be bricked with a single packet, though only for those who have disabled Secure Core and Secure Boot. And the company's Copilot AI software inadvertently helped identify the faulty firmware.
According to Jack Darcy, a security researcher based in Australia, his instance of Microsoft Copilot stumbled across the bug after being asked to adjust the screen backlighting on a Surface device. The Copilot-conjured Python script ended up rendering the researcher's laptop inoperable by overwriting the embedded controller firmware. "Copilot autonomously created and executed four progressively aggressive Python scripts during a probe for backlight control values that sent raw SSAM ioctl commands (SSAM_CDEV_REQUEST = 0xC028A501) directly to the SAM microcontroller through the SAM software path," Darcy explained to The Register.
[...] "We appreciate the work of Jack Darcy and The Register for reporting this issue under a coordinated vulnerability disclosure," a Microsoft spokesperson said in a statement. "Our investigation found that a deprecated UEFI interface could trigger a boot loop on some devices. To trigger this loop, the user must have administrator privileges and have already disabled the Secure Boot security feature. We have released updates to address the issue for most impacted devices."
That means managed devices are not at risk. But those using Linux, or Windows users who have disabled Secure Core and Secure Boot for gaming, or who use custom Windows drivers, or who have USB boot enabled, may still be vulnerable if their systems haven't received the update. We're uncertain about the range of Surface devices affected. Our source said it appears to be all of them (Surface Laptops 3-6, Surface Book 1-3) except for Surface Go models. ARM variants, however, have not been tested. The report notes that Microsoft is planning to move the Surface stack to a more secure architecture based on Rust code.
"Our most recent Surface for Business hardware features a major architectural shift in terms of improved reliability and security that spans our embedded controller, UEFI, but also some of our drivers," said David Abzarian, chief architect for Microsoft Surface. "We're investing in the most secure foundation for a PC by building our embedded controller firmware from the ground up in Rust (as part of leveraging and contributing to the Open Device Partnership (ODP)) in addition to a rewrite of the UEFI DXE Core in Rust; these projects are known as Secure EC and Project Patina respectively."
"We're also not only shipping some of our drivers written in Rust, but also helping co-develop the framework Windows Drivers in Rust (WDR) to help enable a broad set of partners in the Windows ecosystem to capitalize on these benefits. I will also note that all of these efforts are open-source promoting one of our key security principles around transparency."
According to Jack Darcy, a security researcher based in Australia, his instance of Microsoft Copilot stumbled across the bug after being asked to adjust the screen backlighting on a Surface device. The Copilot-conjured Python script ended up rendering the researcher's laptop inoperable by overwriting the embedded controller firmware. "Copilot autonomously created and executed four progressively aggressive Python scripts during a probe for backlight control values that sent raw SSAM ioctl commands (SSAM_CDEV_REQUEST = 0xC028A501) directly to the SAM microcontroller through the SAM software path," Darcy explained to The Register.
[...] "We appreciate the work of Jack Darcy and The Register for reporting this issue under a coordinated vulnerability disclosure," a Microsoft spokesperson said in a statement. "Our investigation found that a deprecated UEFI interface could trigger a boot loop on some devices. To trigger this loop, the user must have administrator privileges and have already disabled the Secure Boot security feature. We have released updates to address the issue for most impacted devices."
That means managed devices are not at risk. But those using Linux, or Windows users who have disabled Secure Core and Secure Boot for gaming, or who use custom Windows drivers, or who have USB boot enabled, may still be vulnerable if their systems haven't received the update. We're uncertain about the range of Surface devices affected. Our source said it appears to be all of them (Surface Laptops 3-6, Surface Book 1-3) except for Surface Go models. ARM variants, however, have not been tested. The report notes that Microsoft is planning to move the Surface stack to a more secure architecture based on Rust code.
"Our most recent Surface for Business hardware features a major architectural shift in terms of improved reliability and security that spans our embedded controller, UEFI, but also some of our drivers," said David Abzarian, chief architect for Microsoft Surface. "We're investing in the most secure foundation for a PC by building our embedded controller firmware from the ground up in Rust (as part of leveraging and contributing to the Open Device Partnership (ODP)) in addition to a rewrite of the UEFI DXE Core in Rust; these projects are known as Secure EC and Project Patina respectively."
"We're also not only shipping some of our drivers written in Rust, but also helping co-develop the framework Windows Drivers in Rust (WDR) to help enable a broad set of partners in the Windows ecosystem to capitalize on these benefits. I will also note that all of these efforts are open-source promoting one of our key security principles around transparency."
Amazing... (Score:3)
In a sane world, you might expect the Windows 'integrated' AI to be wired up to just... adjust the brightness..
But *fine*, you don't wire it up, you might then at least hope the AI to say "That capability is not enabled, but here is some help text telling you to do it".
But nope, "That sounds like something an ioctl would do, and I don't know the ioctl per se, but let's just submit random bullshit ioctls and *maybe* it will happen to do as user requested?"
Re:Amazing... (Score:4, Interesting)
Just for fun, I asked Gemini and it says:
To adjust the screen brightness on a Microsoft Surface (or any Windows laptop), you can use the WMI API (Windows Management Instrumentation) with WmiMonitorBrightnessMethods or the UWP BrightnessOverride class.
So yeah, it's wild how these LLMs lose the plot and just start bashing square pegs into round holes.
Re: (Score:2)
Though an LLM might have gotten my closing <quote> tag right.
Re: (Score:2)
I love how it's so blatantly obvious that they are leaning into software development and the models are assuming you are going to write some C# to adjust brightness.
No idea if that's even close to right and I'm not inclined to check, but the fact the first answer is not "Well, find the brightness buttons and press them" is telling.
Re: (Score:2)
but the fact the first answer is not "Well, find the brightness buttons and press them" is telling.
Until we install USB robotic arms into our laptop, AI software isn't pressing any buttons. It seems quite dumb for software to suggest that as a response to an request for automation. Presumably if you're using AI for anything you're not trying to manually do shit like your granddaddy did.
Re: (Score:2)
Note that Gemini is responding to a user and not actually running the command.
He didn't say Gemini tried to use that to adjust brightness nor did be say he asked to code a brightness change/ automate it. So I assumed he gave the answer that Gemini would have given a random person asking how to do it.
planning to move to rust (Score:2)
"The report notes that Microsoft is planning to move the Surface stack to a more secure architecture based on Rust code."
Aren't we all? Planning. To (have Claude) migrate everything to Rust.
"these projects are known as Secure EC and Project Patina respectively."
Ah I get it. Patina -> rust. clever.
Killer Poke (Score:5, Funny)
POKE 59458,62
Re: Killer Poke (Score:2)
FINALLY a more permanent b!chslap!!! The 90s are back, baby!
Does this really affect anyone? (Score:1)
If this is only going to affect devices that have Secure Core and Secure Boot enabled how many devices like that exist in the wild? Who would disable both of those other than a handful of developers trying to make Linux work on Surface computers and security researchers who want to break their stuff?
Re: (Score:2)
I don't think this article is interesting because a flaw was discovered. It was over how stupidly Copilot handled the assignment.
Re: (Score:2)
Re: (Score:2)
If this is only going to affect devices that have Secure Core and Secure Boot enabled how many devices like that exist in the wild? Who would disable both of those other than a handful of developers trying to make Linux work on Surface computers and security researchers who want to break their stuff?
Precisely! I have a Surface and that thing runs fine. Only thing I've had trouble w/ was the downgrades to Notepad, Paint and the elimination of Wordpad. Otherwise, it works just great
Also, if somebody wants to run Linux, why on earth would you buy a Surface? Just like if somebody wants to run Linux, why on earth would you buy an M-series Mac? When there are companies like Fyde, System 76 and one could even get a perfectly custom Framework laptop to do the same thing
Raises hand ... (Score:3)
I'm not much of a laptop user, and haven't seen many Surface devices, but all the laptops I've seen have functions keys to adjust the screen brightness. Is this something different or doesn't Surface have some tactile way to accomplish this?
Re: (Score:2)
Does your software engage a robotic arm to reach out and touch the buttons for you?
There's many reasons why you want to automate the control of display brightness. Enough reasons that windows even has an API for it. https://learn.microsoft.com/en... [microsoft.com]
Which ultimately also makes you wonder what the fuck copilot was doing probing UEFI with python scripts.
Re: (Score:3)
Which ultimately also makes you wonder what the fuck copilot was doing probing UEFI with python scripts.
Given the APIs mentioned in TFS, it seems it might have been on Linux. Doesn't make it significantly less stupid, but the coding LLMs do sometimes tend to go off the rails like that.
Ask Codex a simple question about why a button is clipped by the edge of the dialog in this android app, and next thing you know it's downloaded 4 different versions of the SDK, written two or three mutually-incompatible gradle wrapper scripts, and is 12 gigs into cloning the full AOSP repo when you walk back in from getting a
That gives "ping of death" a new meaning (Score:1)
https://en.wikipedia.org/wiki/... [wikipedia.org]
The article is a bit wider in explanations, but around 1999/2000 you could kill a windows machine with a single malformed ping request.
Re: (Score:2)
Such fun times. I was a Linux admin when Teardrop was a thing. Maybe now with all the AI vuln discovery we'll get a new single-packet crash attack, or even RCE.
Their software is bad enough (Score:2)
Their software is already bad enough, who in their right mind really actually buys their hardware??? Moral and ethics dilemma aside.
I had gotten handed some Surface device for an while and it was clunky and horrible and the entire concept was not thought through well. I am fine with either a tablet OR a nice thin laptop OR a desktop. Surface devices dont seem to be great in any of those regards.
Wrong name (Score:3)
It should have been called Microsoft Attack Surface