Microsoft has mostly repaired flaw in Surface hardware that allowed unprotected devices to be bricked by a single packet
Summary
Microsoft has largely fixed a flaw in its Surface hardware that could allow a single specially crafted network packet to render devices inoperable. The vulnerability, which existed for an extended period, was reportedly revealed by Microsoft Copilot.
IFF Assessment
This vulnerability, even if now patched, highlights a weakness in hardware that could be exploited by attackers to cause significant disruption by disabling devices.
Severity
The vulnerability allowed for remote code execution (though limited in scope to bricking) via a network attack vector, with a high impact on availability. The ease of exploiting a single packet suggests a moderately high exploitability.
Defender Context
Defenders should ensure all affected Surface devices are updated with the latest firmware patches to mitigate this risk. This incident underscores the importance of timely hardware vulnerability disclosures and patching, especially for critical infrastructure or sensitive endpoints.