Surface Pro 2 owners wonder: Will Microsoft ship TPM firmware that works?

On the one hand, Surface Pro 2 machines say they need a TPM firmware update. On the other hand, Microsoft doesn’t have one -- and doesn’t appear to be working on one.

If you have a Surface Pro 2, you’re in for yet another runaround. This time, the controversy surrounds the SP2’s TPM chip – the chip that protects the encryption keys used by BitLocker and some other disk encryption technology.

The SP2 shipped with an older, less-secure version of the TPM firmware. If your machine has an older version of the TPM firmware, you see a Win10 Defender warning like the one in this screenshot.

[Screenshot: Surface Pro 2 TPM warning. Source: Microsoft Answers forum]

In order to protect your machine, you have to upgrade the TPM firmware. But Microsoft doesn’t have a new version of the firmware available for the Surface Pro 2. Worse, given the way they’re dragging their heels, it’s unlikely that a new version will ever appear.

It’s a serious problem for anyone who’s relying on technology like BitLocker to protect their four-year-old Surface Pro 2. Microsoft describes the security problem in KB 4096377:

A security vulnerability exists in certain TPM chipsets that can impact operating system security, which means Windows 10 operating systems are at increased risk. You are receiving this message because Microsoft is releasing Windows 10 security updates to address the vulnerability which you will need to download and install. In addition, device manufacturers are releasing firmware updates to remediate the problem which you also need to download and install.

Except, well, Microsoft hasn’t bothered to release a firmware update to remediate the problem for the Surface Pro 2.

According to KB 4073006, Microsoft has already released firmware updates for:

The same KB article says that TPM updates aren’t needed for:

  • Surface 3
  • Surface Laptop
  • Surface Pro Model 1796
  • Surface Pro with LTE Advanced Model 1807
  • Surface Book 2
  • Surface Hub

But the Surface Pro 2 is nowhere to be seen.

Microsoft “Agent” AJ Don posted on the Microsoft Answers forum:

We appreciate your post regarding your question about a TPM update on Surface Pro 2. There is no update for Surface Pro 2 available. You may check Security issue for Trusted Platform Module (TPM) on Surface devices for affected devices.

Hope this information helps in clarifying the confusion.

…which, of course, doesn’t provide any clarification at all.

How hard would it be to give a definitive answer: Will Microsoft fix the problem, or should SP2 owners who need reliable TPM just toss the machine now and stop beating their heads against the wall?

Every time I see a “review” for Surface Go, or think about how much money Microsoft spends on “reviewers” to get them to attend fancy marketing presentations, there’s a voice in the back of my head that reminds me of the problems we’ve seen with Surface devices, over and over again: Batteries on the SP3, SP4 and SB2. SP4 flickering that Microsoft denied for two years before finally owning up to the problem. Blue screens and other Win10 bugs that should’ve been caught. Bad TypeCovers. Mis-labeled SSDs. Slow SSDs. And on and on.

The problems are bad enough, but the way Microsoft handles customer complaints reminds me of the old Mushroom Management Microsoft – ignore ‘em and hope they go away. If Microsoft spent even a fraction of their “reviewer” budget on better support, we might get something worthwhile for Surface Pro 2 customers.

I, for one, won’t hold my breath.

Got a Surface gripe? Join us on the AskWoody Lounge.
