Update rollup includes a security update for Windows Embedded Compact 2013 (September 2018)

Applies to: Windows Embedded Compact 2013

An update rollup is available for Windows Embedded Compact 2013. This rollup resolves the security issues that are described in the following article:

CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability

This rollup updates the CredSSP authentication protocol. Mitigation consists of installing the update and then using registry-based settings to manage the CredSSP parameter setting. The update introduces the following registry setting:

Registry path: [HKEY_LOCAL_MACHINE\Comm\SecurityProviders\CredSSP]

Value: AllowEncryptionOracle

Date type: DWORD

Possible Settings for AllowEncryptionOracle

Dword value Result
0 Force updated clients
1 Mitigated
2 Vulnerable

We recommend that you use the registry settings of 0 (force updated clients) or 1 (mitigated). These changes require a restart of the affected systems.

Note The default value is 2 (vulnerable). After you install the update 4479295, the default value will be changed to 1 (mitigated).

Software update information

Download information

The Windows Embedded Compact 2013 monthly update for September 2018 is now available from Microsoft. To download this Windows Embedded Compact 2013 monthly update, go to Microsoft OEM Online or the Device Partner Center (DPC).


This update is supported only if all previously issued updates for this product have also been installed.

Restart requirement

After you apply this update, you must perform a clean build of the whole platform. To do this, use one of the following methods:

  • On the Build menu, select Clean Solution, and then select Build Solution.
  • On the Build menu, select Rebuild Solution.

You don't have to restart the computer after you apply this software update.

Update replacement information

This update doesn't replace any other updates.


Microsoft has confirmed that this is an issue in the Microsoft products that are listed in the "Applies to" section.