Update rollup includes a security update for Windows Embedded Compact 7 (September 2018)

Applies to: Windows Embedded Compact 7

An update rollup is available for Windows Embedded Compact 7. This rollup resolves the security issues that are described in the following Microsoft TechNet topic:

CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability

This rollup updates the CredSSP authentication protocol and Remote Desktop clients. Mitigation consists of installing the update and then using registry-based settings to manage the CredSSP parameter setting. The update introduces the following registry setting:

Registry path: [HKEY_LOCAL_MACHINE\Comm\SecurityProviders\CredSSP]

Value: AllowEncryptionOracle

Date type: DWORD

Possible settings for AllowEncryptionOracle

Dword value Result
0 Force updated clients
1 Mitigated
2 Vulnerable

We recommend that you use the registry setting of 0 (force updated clients) or 1 (mitigated). Changes require a restart of the affected system.

Note The default value is 2 (vulnerable). After you install the 4479296 update, the default value will be changed to 1 (mitigated).

Software update information

Download information

The Windows Embedded Compact 7 Monthly Update (September 2018) is now available from Microsoft. To download the update, go to the Device Partner Center (DPC).

The kind of processor that each file applies to is displayed in the name of each file in the "File information" section.


This update is supported only if all previous updates for this product are installed.

Restart requirement

After you apply this update, you must perform a clean build of the whole platform. To do this, use one of the following methods:

  • On the Build menu, select Clean Solution, and then select Build Solution.
  • On the Build menu, select Rebuild Solution.

You don't have to restart the computer after you apply this software update.

Update replacement information

This update doesn't replace any other updates.


Learn about the terminology that Microsoft uses to describe software updates.