An update rollup is available for Windows Embedded Compact 2013. This rollup resolves the security issues that are described in the following article:

CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability

This rollup updates the CredSSP authentication protocol. Mitigation consists of installing the update and then using registry-based settings to manage the CredSSP parameter setting. The update introduces the following registry setting:

Registry path: [HKEY_LOCAL_MACHINE\Comm\SecurityProviders\CredSSP]

Value: AllowEncryptionOracle

Date type: DWORD

Possible Settings for AllowEncryptionOracle

Dword value

Result

0

Force updated clients

1

Mitigated

2

Vulnerable


We recommend that you use the registry settings of 0 (force updated clients) or 1 (mitigated). These changes require a restart of the affected systems.

Note The default value is 2 (vulnerable). After you install the update 4479295, the default value will be changed to 1 (mitigated).

The English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Files that are included in this hotfix package

File name

File size

Date

Time

Path

Common.reg

542,110

31-Aug-2018

09:10

Public\Common\Oak\Files

Credssp.lib

223,436

31-Aug-2018

09:20

Public\Common\Oak\Lib\Armv7\Checked

Tspkg.lib

554,604

31-Aug-2018

09:20

Public\Common\Oak\Lib\Armv7\Checked

Credssp.lib

244,210

31-Aug-2018

09:20

Public\Common\Oak\Lib\Armv7\Debug

Tspkg.lib

647,334

31-Aug-2018

09:19

Public\Common\Oak\Lib\Armv7\Debug

Credssp.lib

230,142

31-Aug-2018

09:20

Public\Common\Oak\Lib\Armv7\Retail

Tspkg.lib

535,578

31-Aug-2018

09:20

Public\Common\Oak\Lib\Armv7\Retail

Credssp.lib

239,100

31-Aug-2018

09:21

Public\Common\Oak\Lib\X86\Checked

Tspkg.lib

616,596

31-Aug-2018

09:21

Public\Common\Oak\Lib\X86\Checked

Credssp.lib

224,474

31-Aug-2018

09:19

Public\Common\Oak\Lib\X86\Debug

Tspkg.lib

535,336

31-Aug-2018

09:19

Public\Common\Oak\Lib\X86\Debug

Credssp.lib

244,274

31-Aug-2018

09:21

Public\Common\Oak\Lib\X86\Retail

Tspkg.lib

594,134

31-Aug-2018

09:21

Public\Common\Oak\Lib\X86\Retail

Status

Microsoft has confirmed that this is an issue in the Microsoft products that are listed in the "Applies to" section.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×