An update rollup is available for Windows Embedded Compact 2013. This rollup resolves the security issues that are described in the following article:
CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability
This rollup updates the CredSSP authentication protocol. Mitigation consists of installing the update and then using registry-based settings to manage the CredSSP parameter setting. The update introduces the following registry setting:
Registry path: [HKEY_LOCAL_MACHINE\Comm\SecurityProviders\CredSSP]
Value: AllowEncryptionOracle
Date type: DWORD
Possible Settings for AllowEncryptionOracle
Dword value |
Result |
0 |
Force updated clients |
1 |
Mitigated |
2 |
Vulnerable |
We recommend that you use the registry settings of 0 (force updated clients) or 1 (mitigated). These changes require a restart of the affected systems.
Note The default value is 2 (vulnerable). After you install the update 4479295, the default value will be changed to 1 (mitigated).
Software update information
Download information
The Windows Embedded Compact 2013 monthly update for September 2018 is now available from Microsoft. To download this Windows Embedded Compact 2013 monthly update, go to Microsoft OEM Online or the Device Partner Center (DPC).
Prerequisites
This update is supported only if all previously issued updates for this product have also been installed.
Restart requirement
After you apply this update, you must perform a clean build of the whole platform. To do this, use one of the following methods:
-
On the Build menu, select Clean Solution, and then select Build Solution.
-
On the Build menu, select Rebuild Solution.
You don't have to restart the computer after you apply this software update.
Update replacement information
This update doesn't replace any other updates.
The English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
Files that are included in this hotfix package
File name |
File size |
Date |
Time |
Path |
---|---|---|---|---|
Common.reg |
542,110 |
31-Aug-2018 |
09:10 |
Public\Common\Oak\Files |
Credssp.lib |
223,436 |
31-Aug-2018 |
09:20 |
Public\Common\Oak\Lib\Armv7\Checked |
Tspkg.lib |
554,604 |
31-Aug-2018 |
09:20 |
Public\Common\Oak\Lib\Armv7\Checked |
Credssp.lib |
244,210 |
31-Aug-2018 |
09:20 |
Public\Common\Oak\Lib\Armv7\Debug |
Tspkg.lib |
647,334 |
31-Aug-2018 |
09:19 |
Public\Common\Oak\Lib\Armv7\Debug |
Credssp.lib |
230,142 |
31-Aug-2018 |
09:20 |
Public\Common\Oak\Lib\Armv7\Retail |
Tspkg.lib |
535,578 |
31-Aug-2018 |
09:20 |
Public\Common\Oak\Lib\Armv7\Retail |
Credssp.lib |
239,100 |
31-Aug-2018 |
09:21 |
Public\Common\Oak\Lib\X86\Checked |
Tspkg.lib |
616,596 |
31-Aug-2018 |
09:21 |
Public\Common\Oak\Lib\X86\Checked |
Credssp.lib |
224,474 |
31-Aug-2018 |
09:19 |
Public\Common\Oak\Lib\X86\Debug |
Tspkg.lib |
535,336 |
31-Aug-2018 |
09:19 |
Public\Common\Oak\Lib\X86\Debug |
Credssp.lib |
244,274 |
31-Aug-2018 |
09:21 |
Public\Common\Oak\Lib\X86\Retail |
Tspkg.lib |
594,134 |
31-Aug-2018 |
09:21 |
Public\Common\Oak\Lib\X86\Retail |
Status
Microsoft has confirmed that this is an issue in the Microsoft products that are listed in the "Applies to" section.