Article ID: 978465 - View products that this article applies to.
IntroductionAn update that introduces the Media Transfer Protocol (MTP) Responder component for Windows Embedded CE 6.0 R3 is available. This component does not support media synchronization. However, it provides basic MTP functionality for devices. This enables the devices to be compatible with the Device Stage feature in Windows 7.
When the device connects to a computer that is running Windows 7 through USB or TCP/IP, the MTP Responder component improves the user experience. The MTP Responder component includes storage for MTP files and folders on a Windows Embedded CE 6.0 R3-based device. This enables the user to browse and manage files on the device in addition to transferring files between the device and the computer.
By using an MTP extension, the user can change and extend the MTP Responder component to support additional commands, operations, properties, and object formats. These additions are not included with the MTP specification.
Software update informationThe following file is available for download from the Microsoft Download Center:
Download the MTP Responder package now.
Collapse this imageExpand this image
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
(http://support.microsoft.com/kb/119591/ )How to obtain Microsoft support files from online services
PrerequisitesThis update is supported only if all previously issued updates for this product have also been installed.
Restart requirementAfter you apply this update, you must perform a clean build of the whole platform. To do this, use one of the following methods:
Update replacement informationThis update does not replace any other updates.
File informationThe English version of this software update package has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Collapse this tableExpand this table
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
The update adds the following registry keys in Windows Embedded CE 6.0 R3:
Information disclosure threatUsers should be warned not to store Personally Identifiable Information (PII) on their device. An attacker may use the IP network to copy the information from the device without the user’s acknowledgement. To help protect device users, we recommend that you include a warning in the user documentation stating that users should not store PII on a device.
Spoofing threatThere is no trust relationship between a device that works as an MTP Responder and the MTP Initiator that is connected to this device. This could lead to a spoofing attack on the device. For example, an MTP Initiator could identify itself as a common default name for a home network, such as 'linksys'. Meanwhile, the network can be used to obtain sensitive data from the device. The network can also be taken over to start a denial of service attack on another computer. To help reduce this risk, we recommend that you include a warning in the user documentation that resembles the following statement:
Closed box assumptionIf you ship a closed box solution for a device that uses MTP, MTP initiators can still copy data on and off the device. In order to help reduce the security risk of copying malware to the device, you should implement code signing. Code signing makes sure that only trusted code runs on the device. For more information about code signing, visit the following Microsoft Developer Network (MSDN) Web site:
Introduction to Code Signing
Note A closed box solution does not allow third-party applications or modules to be loaded on the system.
MTP over IPBy default, MTP over IP is enabled. This means that MTP Initiators can connect to a device that uses MTP. However, this makes MTP over IP sessions vulnerable to security threats such as spoofing, information disclosure, and denial of service. To help prevent these security threats, we recommend that you create a mechanism that lets the user accept each MTP over IP session. Or, you can create a mechanism that lets the user keep IP connections off until the user wants to connect. For more information about the MTP Device Services Extension specification, download the file from the following Microsoft Web site:
Information about the MTP Device Services Extension specification
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/824684/ )Description of the standard terminology that is used to describe Microsoft software updates