Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Update rollup includes a security update for Windows Embedded Compact 2013 (September 2018)


View products that this article applies to.

An update rollup is available for Windows Embedded Compact 2013. This rollup resolves the security issues that are described in the following article:

CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability

This rollup updates the CredSSP authentication protocol. Mitigation consists of installing the update and then using registry-based settings to manage the CredSSP parameter setting. The update introduces the following registry setting:

Registry path: [HKEY_LOCAL_MACHINE\Comm\SecurityProviders\CredSSP]

Value: AllowEncryptionOracle

Date type: DWORD

Possible Settings for AllowEncryptionOracle

Dword value Result
0 Force updated clients
1 Mitigated
2 Vulnerable


We recommend that you use the registry settings of 0 (force updated clients) or 1 (mitigated). These changes require a restart of the affected systems.

Note The default value is 2 (vulnerable). After you install the update 4479295, the default value will be changed to 1 (mitigated).

↑ Back to the top


Software update information

Download information

The Windows Embedded Compact 2013 monthly update for September 2018 is now available from Microsoft. To download this Windows Embedded Compact 2013 monthly update, go to Microsoft OEM Online or the Device Partner Center (DPC).

Prerequisites

This update is supported only if all previously issued updates for this product have also been installed.

Restart requirement

After you apply this update, you must perform a clean build of the whole platform. To do this, use one of the following methods:

  • On the Build menu, select Clean Solution, and then select Build Solution.
  • On the Build menu, select Rebuild Solution.

You don't have to restart the computer after you apply this software update.

Update replacement information

This update doesn't replace any other updates.

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Files that are included in this hotfix package

File name File size Date Time Path
Common.reg 542,110 31-Aug-2018 09:10 Public\Common\Oak\Files
Credssp.lib 223,436 31-Aug-2018 09:20 Public\Common\Oak\Lib\Armv7\Checked
Tspkg.lib 554,604 31-Aug-2018 09:20 Public\Common\Oak\Lib\Armv7\Checked
Credssp.lib 244,210 31-Aug-2018 09:20 Public\Common\Oak\Lib\Armv7\Debug
Tspkg.lib 647,334 31-Aug-2018 09:19 Public\Common\Oak\Lib\Armv7\Debug
Credssp.lib 230,142 31-Aug-2018 09:20 Public\Common\Oak\Lib\Armv7\Retail
Tspkg.lib 535,578 31-Aug-2018 09:20 Public\Common\Oak\Lib\Armv7\Retail
Credssp.lib 239,100 31-Aug-2018 09:21 Public\Common\Oak\Lib\X86\Checked
Tspkg.lib 616,596 31-Aug-2018 09:21 Public\Common\Oak\Lib\X86\Checked
Credssp.lib 224,474 31-Aug-2018 09:19 Public\Common\Oak\Lib\X86\Debug
Tspkg.lib 535,336 31-Aug-2018 09:19 Public\Common\Oak\Lib\X86\Debug
Credssp.lib 244,274 31-Aug-2018 09:21 Public\Common\Oak\Lib\X86\Retail
Tspkg.lib 594,134 31-Aug-2018 09:21 Public\Common\Oak\Lib\X86\Retail

↑ Back to the top


Status

Microsoft has confirmed that this is an issue in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: kbsecurity, kblangall, kbmustloc, atdownload, kbsecvulnerability, kbsecreview, kb, kbexpertiseinter, kbnofix, kbfix, kbsueveynew, kbsecbulletin

↑ Back to the top

Article Info
Article ID : 4457498
Revision : 9
Created on : 12/20/2018
Published on : 1/8/2019
Exists online : False
Views : 160