An update rollup is available for Windows Embedded Compact 2013. This rollup resolves the security issues that are described in the following article:
CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability
This rollup updates the CredSSP authentication protocol. Mitigation consists of installing the update and then using registry-based settings to manage the CredSSP parameter setting. The update introduces the following registry setting:
Registry path: [HKEY_LOCAL_MACHINE\Comm\SecurityProviders\CredSSP]
Value: AllowEncryptionOracle
Date type: DWORD
Possible Settings for AllowEncryptionOracle
Dword value | Result |
0 | Force updated clients |
1 | Mitigated |
2 | Vulnerable |
We recommend that you use the registry settings of 0 (force updated clients) or 1 (mitigated). These changes require a restart of the affected systems.
Note The default value is 2 (vulnerable). After you install the update 4479295, the default value will be changed to 1 (mitigated).