Update rollup for POODLE attack against TLS security vulnerability in Windows Embedded Compact 7 (December 2015)

Issues that are fixed in this update

An update rollup is available for Windows Embedded Compact 2013. This update rollup fixes the security issues that are described in the following article in the Microsoft Knowledge Base:

  • 2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012
Additionally, this update rollup fixes the following issue:
  • Assume that you have a Windows Embedded Compact 2013 device that has web server support. When you use the SSL test Labs tool to test for security vulnerabilities, the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack against TLS security vulnerability is detected.

Resolution

To resolve this problem, install this update.

To enable this fix, you have to disable SSL 3.0 on both the client and server. To do this, see the "Registry information" section.

Software update information

Download information

The Windows Embedded Compact 7 Monthly Update (December 2015) is now available from Microsoft. To download this Windows Embedded Compact 7 monthly update, go to the following Microsoft Download Center website:

The kind of processor to which each file applies is visible in the name of each file in the "File information" section.



Prerequisites

This update is supported only if all previous updates for this product are installed.



Registry information

Important
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.


After you apply this update, you have to disable the SSL 3.0 protocol to avoid POODLE SSL 3.0 attacks. This is because the vulnerability is in the protocol itself and not in a Microsoft-specific implementation.

  • If the device is acting as a client, SSL 3.0 can be disabled by setting the following registry key on the client:

    Registry location: HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
    DWORD name: Enabled
    DWORD value: 0
  • If the device is acting as a server, SSL 3.0 can be disabled by setting the following registry key on the server:

    Registry location: HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
    DWORD name: Enabled
    DWORD value: 0
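
The following is an added example, not code from Microsoft or from this update: a check, run from another machine, that a device acting as a server no longer negotiates SSL 3.0 after the Server key is set and the platform is rebuilt. It sends one SSL 3.0 ClientHello and classifies the first reply; the function names, the result strings and the default port 443 are assumptions made for this example.

```python
import os
import socket
import struct

# Cipher suites offered in the probe (standard IANA ids): the RSA RC4 and CBC
# suites that SSL 3.0 servers commonly accept.
SUITES = [0x0004, 0x0005, 0x000A, 0x002F, 0x0035]

def build_sslv3_client_hello(random_bytes=bytes(32)):
    """Return one SSL 3.0 record carrying a ClientHello with client_version 3.0."""
    if len(random_bytes) != 32:
        raise ValueError("ClientHello random must be 32 bytes")
    suites = b"".join(struct.pack(">H", s) for s in SUITES)
    body = (b"\x03\x00" + random_bytes              # client_version, random
            + b"\x00"                               # empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                          # one compression method: null
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x00" + struct.pack(">H", len(handshake)) + handshake

def classify_server_reply(data):
    """Interpret the first bytes a server sends back after the probe."""
    if not data:
        return "rejected"                           # closed without a handshake
    if data[0] == 0x15:
        return "rejected"                           # alert record
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:
        # ServerHello: the chosen version follows the 4-byte handshake header
        return "ssl3-enabled" if data[9:11] == b"\x03\x00" else "other-version"
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """Send the probe to a device you administer and classify its answer."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello(os.urandom(32)))
        try:
            # Read until the version field is available or an alert arrives.
            while len(data) < 11 and data[:1] != b"\x15":
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except ConnectionResetError:
            pass                                    # reset counts as a refusal
    return classify_server_reply(data)
```

A result of "ssl3-enabled" from `probe()` means the Server key is not in effect on that device; a timeout raises `socket.timeout` and should be treated as inconclusive.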

Restart requirement

After you apply this update, you must perform a clean build of the whole platform. To do this, use one of the following methods:

  • On the Build menu, click Clean Solution, and then click Build Solution.
  • On the Build menu, click Rebuild Solution.
You don't have to restart the computer after you apply this software update.



Update replacement information

This update doesn't replace any other updates.



File information

References

Learn about the terminology that Microsoft uses to describe software updates.
Properties

Article ID: 3127484 - Last Review: 21-01-2016 - Revision: 1
