According to a posting on the Embedded Windows team blog, the updates are cumulative, and include new releases of both the Desktop QFE Installer (DQI) Tool and the Component Database. Six of them apply to XPe Service Pack 2 with Feature Pack 2007 with
Update Rollup 1.0 applied, while the seventh is for installations that do not have the update rollup.
The first six security updates are detailed briefly in the posting, as follows:
- KB 945553 -- Vulnerability in DNS client could allow spoofing
- KB 948590 -- Vulnerabilities in GDI could allow remote code execution
- KB 948881 -- Security update of ActiveX kill bits
- KB 947864 -- Cumulative security update for Internet Explorer
- KB 941693 -- Vulnerability in Windows kernel could allow elevation of privilege
The above security updates fix issues that have also been found in other Microsoft operating systems, such as Windows XP or Server 2003. Therefore, detailed articles on each can be found in Microsoft's Knowledgebase by clicking on the links provided above.
The seventh security update, specifically for systems without Update Rollup 1.0, is as follows:
- KB 944338 -- Vulnerability in VBScript and JScript scripting engines could allow remote code execution
Further information and availabilityAs mentioned above, you can find out more about the security updates by clicking on the links leading to their corresponding Knowledgebase entries. You can also read the Embedded Windows team's posting announcing the security updates,
here.
An ECE user name and password is required to obtain the security updates,
here.
Related stories:
