You are currently offline, waiting for your internet to reconnect

Update rollup for POODLE attack against TLS security vulnerability in Windows Embedded Compact 2013 (December 2015)

Issues that are fixed in this update
An update rollup is available for Windows Embedded Compact 2013. This update rollup fixes the security issues that are described in the following article in the Microsoft Knowledge Base:

  • 2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012
Additionally, this update rollup fixes the following issue:
  • Assume that you have a Windows Embedded Compact 2013 device that has web server support. When you use the SSL test Labs tool to test security vulnerability, the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack against TLS security vulnerability is detected.
Resolution
To resolve this problem, install this update.

To enable this fix, you have to disable SSL 3.0 on both the client and server. To do this, see the "Registry information" section.

Software update information

Download information

The Windows Embedded Compact 2013 monthly update for December 2015 is now available from Microsoft. To download this Windows Embedded Compact 2013 monthly update, go to Microsoft OEM Online or MyOEM.

Prerequisites

This update is supported only if all previously issued updates for this product have also been installed.

Registry information

Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

After you apply this update, you have to disable the SSL 3.0 protocol to avoid Poodle SSL 3.0 attacks. This is because this vulnerability is related to the protocol and not to Microsoft-specific implementations.

  • If the device is acting as a client, SSL 3.0 can be disabled by setting the following registry key on the client:

    Registry location:
    HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ClientHKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client

    DWORD name: Enabled
    DWORD value: 0
  • If the device is acting as a server, SSL 3.0 can be disabled by setting the following registry key on the server:

    Registry location:
    HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ServerHKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server

    DWORD name: Enabled
    DWORD value: 0

Restart requirement

After you apply this update, you must perform a clean build of the whole platform. To do this, use one of the following methods:
  • On the Build menu, click Clean Solution, and then click Build Solution.
  • On the Build menu, click Rebuild Solution.
You don't have to restart the computer after you apply this software update.

Update replacement information

This update doesn't replace any other updates.

File information

The English version of this software update package has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Files that are included in this hotfix package
File nameFile sizeDateTimePath
Ssl_lsa.lib551,36222-Dec-201510:15Public\Common\Oak\Lib\X86\Checked
Spbase.lib2,135,06022-Dec-201510:15Public\Common\Oak\Lib\X86\Checked
Ssl_lsa.lib385,16222-Dec-201510:15Public\Common\Oak\Lib\X86\Retail
Spbase.lib1,435,42022-Dec-201510:15Public\Common\Oak\Lib\X86\Retail
Ssl_lsa.lib495,41022-Dec-201510:14Public\Common\Oak\Lib\X86\Debug
Spbase.lib1,924,90222-Dec-201510:14Public\Common\Oak\Lib\X86\Debug
Ssl_lsa.lib520,53422-Dec-201510:15Public\Common\Oak\Lib\Armv7\Checked
Spbase.lib2,031,69222-Dec-201510:15Public\Common\Oak\Lib\Armv7\Checked
Ssl_lsa.lib338,09222-Dec-201510:15Public\Common\Oak\Lib\Armv7\Retail
Spbase.lib1,261,50622-Dec-201510:15Public\Common\Oak\Lib\Armv7\Retail
Ssl_lsa.lib563,48222-Dec-201510:14Public\Common\Oak\Lib\Armv7\Debug
Spbase.lib2,196,86822-Dec-201510:14Public\Common\Oak\Lib\Armv7\Debug
Ncrypt.rel122,97922-Dec-201510:16Public\Common\Oak\Target\X86\Checked
Schannel.map403,72222-Dec-201510:16Public\Common\Oak\Target\X86\Checked
Ncrypt.dll274,43222-Dec-201510:16Public\Common\Oak\Target\X86\Checked
Ncrypt.map212,18422-Dec-201510:16Public\Common\Oak\Target\X86\Checked
Schannel.rel218,53422-Dec-201510:16Public\Common\Oak\Target\X86\Checked
Schannel.dll344,06422-Dec-201510:16Public\Common\Oak\Target\X86\Checked
Ncrypt.rel59,29522-Dec-201510:16Public\Common\Oak\Target\X86\Retail
Schannel.map141,03422-Dec-201510:16Public\Common\Oak\Target\X86\Retail
Ncrypt.dll188,41622-Dec-201510:16Public\Common\Oak\Target\X86\Retail
Ncrypt.map143,19922-Dec-201510:16Public\Common\Oak\Target\X86\Retail
Schannel.rel48,33322-Dec-201510:16Public\Common\Oak\Target\X86\Retail
Schannel.dll143,36022-Dec-201510:16Public\Common\Oak\Target\X86\Retail
Ncrypt.rel98,88022-Dec-201510:15Public\Common\Oak\Target\X86\Debug
Schannel.map410,18622-Dec-201510:15Public\Common\Oak\Target\X86\Debug
Ncrypt.dll323,58422-Dec-201510:15Public\Common\Oak\Target\X86\Debug
Ncrypt.map215,00922-Dec-201510:15Public\Common\Oak\Target\X86\Debug
Schannel.rel244,63422-Dec-201510:15Public\Common\Oak\Target\X86\Debug
Schannel.dll446,46422-Dec-201510:15Public\Common\Oak\Target\X86\Debug
Ncrypt.rel52,39322-Dec-201510:16Public\Common\Oak\Target\Armv7\Checked
Schannel.map809,97822-Dec-201510:16Public\Common\Oak\Target\Armv7\Checked
Ncrypt.dll221,18422-Dec-201510:16Public\Common\Oak\Target\Armv7\Checked
Ncrypt.map518,21722-Dec-201510:16Public\Common\Oak\Target\Armv7\Checked
Schannel.rel115,52622-Dec-201510:16Public\Common\Oak\Target\Armv7\Checked
Schannel.dll315,39222-Dec-201510:16Public\Common\Oak\Target\Armv7\Checked
Ncrypt.rel34,52922-Dec-201510:16Public\Common\Oak\Target\Armv7\Retail
Schannel.map271,34822-Dec-201510:16Public\Common\Oak\Target\Armv7\Retail
Ncrypt.dll151,55222-Dec-201510:16Public\Common\Oak\Target\Armv7\Retail
Ncrypt.map363,73622-Dec-201510:16Public\Common\Oak\Target\Armv7\Retail
Schannel.rel27,33722-Dec-201510:16Public\Common\Oak\Target\Armv7\Retail
Schannel.dll122,88022-Dec-201510:16Public\Common\Oak\Target\Armv7\Retail
Ncrypt.rel51,98722-Dec-201510:15Public\Common\Oak\Target\Armv7\Debug
Schannel.map887,69622-Dec-201510:15Public\Common\Oak\Target\Armv7\Debug
Ncrypt.dll286,72022-Dec-201510:15Public\Common\Oak\Target\Armv7\Debug
Ncrypt.map586,78522-Dec-201510:15Public\Common\Oak\Target\Armv7\Debug
Schannel.rel115,29422-Dec-201510:15Public\Common\Oak\Target\Armv7\Debug
Schannel.dll405,50422-Dec-201510:15Public\Common\Oak\Target\Armv7\Debug
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
Learn about the terminology that Microsoft uses to describe software updates.
Properties

Article ID: 3127486 - Last Review: 01/21/2016 00:39:00 - Revision: 1.0

Windows Embedded Compact 2013

  • kbfix kbsurveynew atdownload kbexpertiseadvanced kbsecbulletin kbsecurity KB3127486
Feedback
/html>