According to a posting on the Embedded Windows team's blog, the updates are now available for XPe Service Pack 2 with Feature Pack 2007 and Update Rollup 1.0 applied. The updates are cumulative, and include new releases of both the Desktop QFE Installer (DQI) Tool and the Component Database, Microsoft says.

Security updates

The numbered security updates are detailed briefly in the posting, as follows:

• KB 941644 -- Vulnerability in TCPIP / IGMP could allow remote code execution
  
• KB 943485 -- Vulnerability in LSASS could allow local elevation of privilege
  
• KB 946026 -- Vulnerability in WebDAV mini-redirector could allow remote code execution
  
• KB 944533 -- Cumulative security update for Internet Explorer
  
• KB 942830 -- Vulnerability in Internet Information Services could allow remote code execution
  
• KB 942831 -- Vulnerability in Internet Information Services could allow elevation of privilege
  
• KB 896428 -- Vulnerability in Telnet client could allow information disclosure

The above security updates fix issues that have also been found in other Microsoft operating systems, such as Windows XP or Server 2003. Therefore, detailed articles on each can be found in Microsoft's Knowledgebase by clicking on the links provided above.

Optional updates

Also available now on the ECE are two optional updates. Unlike the security updates, however, the optional updates are not essential and may or may not apply to a particular customer's XPe OS image, according to Microsoft. Not found in Microsoft's Knowledgebase, presumably because they are XPe-specific, the optional updates are described briefly in the blog posting as follows:

• KB 948687 -- The following missing dependencies have been added to the Search Assistant user interface component: Disk Management Services, Microsoft Agent 2.0 Core Components, MSXML 3.1, Search Assistant English Language Support, and Search Tools
  
• KB 948686 -- A dependency on Primitive: Comcat, needed by some Smart Card applications, has been added to Internet Explorer 6

The company's XPe team began releasing optional updates in August 2007, posted on even-numbered months in conjunction with the security updates that were already being released.

Further information and availability

As mentioned above, you can find out more about the security updates by clicking on the links leading to their corresponding Knowledgebase entries. You can also read the Embedded Windows team's posting announcing the security updates, here, and optional updates, here.

An ECE user name and password is required to obtain the security updates, here, and optional updates, here.

---

Related stories:

• Microsoft releases December 2007 updates for XP Embedded
  
• Installing XP Embedded optional updates without rebuilding images
  
• Optional updates released for Windows XP Embedded
  
• Microsoft offers bimonthly Windows XPe updates
  
• Caching device info in Windows XPe Target Designer
  
• Making Windows XPe TCP/IP changes stick
  
• Repairing DRM in Windows Media Player 11
  
• Protecting Windows-based kiosks from user tampering
  
• Screencast shows how to add resources to Target Designer
  
• Windows XP Embedded team solicits inputs