Microsoft patches Surface firmware flaw discovered by Copilot that could brick devices
Summary
Microsoft quietly patched a firmware flaw in Surface devices that could brick hardware with a single packet, but only when Secure Core and Secure Boot were disabled. Security researcher Jack Darcy discovered the bug when Microsoft Copilot inadvertently generated Python scripts that overwrote embedded controller firmware while trying to adjust screen backlighting. The vulnerability involved the SAM/SSAM embedded controller lacking defenses against arbitrary write values, enabling firmware vandalism without physical access checks. Microsoft downplayed the risk, stating exploitation requires specific drivers, administrator privileges, and disabling Secure Boot.
Key quotes
Microsoft quietly patched a firmware flaw in Surface devices over the past 90 days that could brick hardware with a single packet, but only when Secure Core and Secure Boot were disabled.
Jack Darcy, a security researcher in Australia, reported that Microsoft Copilot inadvertently helped identify the bug while adjusting screen backlighting.
Copilot generated and executed Python scripts that rendered his laptop inoperable by overwriting embedded controller firmware.
The SAM/SSAM embedded controller in Surface devices lacked defenses against arbitrary write values, enabling firmware vandalism without the usual physical access checks.
Microsoft stated there is no realistic attack scenario because exploitation would require specific drivers, hardware interface command access, administrator privileges, and disabling Secure Boot.
