• your Windows® embedded community

    eWEEK Windows for Devices - Your Windows Embedded Community

    Windows For Devices

  • home
  • news
  • embedded PCs
  • boards
  • handhelds
  • tablets
  • thin clients
  • enterprise
  • consumer
  • articles

    News

  • Home > News

        August brings four critical XPe patches

        Jonathan Angel | Date: Aug 22, 2008 | Comments: 1


        • Print PDF
        • Filed Under: News

        Microsoft has released its monthly batch of security updates for Windows XP Embedded (XPe). Announced on Microsoft's Windows Embedded Standard blog, and available now on its Mobile and Embedded Communications Extranet (ECE), the August batch boasts ten different fixes, four rated "critical."



        Four of the fixes are rated "critical," since they reportedly repair vulnerabilities that could potentially allow an attacker to take complete control of a computer. Via remote code execution, an attacker could install programs, view, change, or delete data, and create new accounts with full user rights, according to Microsoft.

        The four "cricial" patches include:
        • KB 953838, which reportedly resolves six different vulnerabilities in Internet Explorer 5, 6, and 7 that could allow remote code execution if a user views a specially crafted Web page

        • KB 952954, which reportedly modifies the way that the Microsoft ICM (image color management) system allocates memory and parses image files. Without this fix, a specially crafted image could be used to gain remote access to a system via a memory buffer overflow, says Microsoft.

        • KB 951376, said to fix the way the Bluetooth stack in XPe behaves when bombarded by a large number of service description requests

        • KB 944338, said to change the way the VBScript and JScript scripting engines decode scripts in web pages
        Five of the other fixes are rated merely "important," while a sixth aimed at modifying how XPe handles Daylight Savings Time carries no rating. The six "important" or unrated patches include:
        • KB 951072 -- August 2008 cumulative time zone update for Microsoft Windows operating systems

        • KB 951066 -- Security Update for Outlook Express and Windows Mail

        • KB 950974 -- Vulnerabilities in event system could allow remote code execution

        • KB 946648 -- Vulnerability in Windows Messenger could allow information disclosure

        • KB 953839 -- Cumulative security update of ActiveX kill bits

        • KB 951748 -- Vulnerabilities in DNS could allow spoofing
        Further information

        To obtain the August 2008 batch of security updates, access Microsoft's Mobile and Embedded Communications Extranet (ECE), here (registration required).

        The fixes are for XPe with SP2, Feature Pack 2007, and/or Update Rollup 1.0. As always, Microsoft warns that XPe fixes are cumulative, and should be installed in the order they are released.


        Related stories:
        • Microsoft re-patches XPe
        • Microsoft releases "optional" XPe updates
        • "Critical" XPe bug fix available
        • Microsoft patches Windows XP Embedded
        • Microsoft releases February 2008 updates for XP Embedded
        • Microsoft releases December 2007 updates for XP Embedded
        • Installing XP Embedded optional updates without rebuilding images
        • Optional updates released for Windows XP Embedded
        • Microsoft offers bimonthly Windows XPe updates
        • Caching device info in Windows XPe Target Designer
        • Making Windows XPe TCP/IP changes stick
        • Repairing DRM in Windows Media Player 11
        • Protecting Windows-based kiosks from user tampering
        • Screencast shows how to add resources to Target Designer
        • Windows XP Embedded team solicits inputs
      • Newsletter
      • RSS
      • Twitter
      • Got a Tip?
      • Linux Devices

    most read

    • ARM Windows 8 may nix desktop
    • Autonomous robot's built around a Windows Phone handset
    • Intel ships Cedar Trail Atoms
    • America's first 'WhiteFi' network goes live
    • Tiny module boots Windows Embedded Compact 7 in 800 milliseconds

      WfD showcase archives

      • Mobile Phones
      • PDAs and other handhelds
      • Netbooks
      • Windows tablets, UMPCs, and MIDs
      • Audio/video entertainment devices
      • Thin client terminals and devices
        • Voice over IP devices
      • SPOTlight on .NET Micro Framework (MF)
      • SPOT-light on Microsoft's "SPOT" Technology
      • Other smart devices

  • eWEEK Quick LInks
  • Home
  • Windows & Interoperability
  • Mobile & Wireless Technology
  • Application Development
  • Enterprise Applications
  • Enterprise Networking
  • Desktops & Notebooks
  • Technology Videos
  • ZDE Corporate Site
  • Linux for Devices
  • Microsoft Watch Blog
  • Migration Expert Zone
  • Smarter Technology
  • ASP Free
  • Scripts
  • Tutorialized
  • Technology Resource Library

Site Map

Use of this site is governed by our Terms of Use and Privacy Policy

Copyright ©1996-2010 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc.
Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.