Microsoft is aware of the newly announced variants to the speculative execution side-channel attacks that have been made public by Intel in CVE-2018-3639 and CVE-2018-3640. These vulnerabilities affect many modern devices including Surface devices. In addition to the operating system updates, Surface will be making available firmware updates to address these new vulnerabilities. You can find more information about these vulnerabilities and the fixes for Surface devices in KB4073065:Surface guidance to protect against speculative execution side-channel vulnerabilities.
As these updates for Surface devices are made available, they will be announced here on the Surface Blog for IT Pros as well as in KB4073065. You can subscribe to the Surface Blog for IT Pros to be alerted when new updates are published or even set up email alerts with Microsoft Flow