Update rollup for POODLE attack against TLS security vulnerability in Windows Embedded Compact 2013 (December 2015)

Issues that are fixed in this update

An update rollup is available for Windows Embedded Compact 2013. This update rollup fixes the security issues that are described in the following article in the Microsoft Knowledge Base:

  • 2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012
Additionally, this update rollup fixes the following issue:
  • Assume that you have a Windows Embedded Compact 2013 device that has web server support. When you use the SSL test Labs tool to test security vulnerability, the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack against TLS security vulnerability is detected.

Resolution

To resolve this problem, install this update.

To enable this fix, you have to disable SSL 3.0 on both the client and server. To do this, see the "Registry information" section.

Software update information

Download information

The Windows Embedded Compact 2013 monthly update for December 2015 is now available from Microsoft. To download this Windows Embedded Compact 2013 monthly update, go to Microsoft OEM Online or MyOEM.



Prerequisites

This update is supported only if all previously issued updates for this product have also been installed.



Registry information

Important
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

After you apply this update, you have to disable the SSL 3.0 protocol to avoid Poodle SSL 3.0 attacks. This is because this vulnerability is related to the protocol and not to Microsoft-specific implementations.

  • If the device is acting as a client, SSL 3.0 can be disabled by setting the following registry key on the client:

    Registry location:
    HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ClientHKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client

    DWORD name: Enabled
    DWORD value: 0
  • If the device is acting as a server, SSL 3.0 can be disabled by setting the following registry key on the server:

    Registry location:
    HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ServerHKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server

    DWORD name: Enabled
    DWORD value: 0

Restart requirement

After you apply this update, you must perform a clean build of the whole platform. To do this, use one of the following methods:
  • On the Build menu, click Clean Solution, and then click Build Solution.
  • On the Build menu, click Rebuild Solution.
You don't have to restart the computer after you apply this software update.



Update replacement information

This update doesn't replace any other updates.



File information

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

Learn about the terminology that Microsoft uses to describe software updates.
Properties

Article ID: 3127486 - Last Review: 14 Feb 2017 - Revision: 1

Windows Embedded Compact 2013

Feedback