Compartilhar via

April 2009 Security Updates Are Now Available On the ECE

  • Artigo

The April 2009 Windows XP Embedded and Windows Embedded Standard Security Updates - Product Download is now available on the ECE for Windows® Embedded Standard 2009 and/or Microsoft® Windows® XP Embedded with Service Pack 2, Feature Pack 2007, Update Rollup 1.0 and Service Pack 3. These are the DQI updates that can be applied directly to runtimes that include the dependencies necessary to handle the WinSE installer.

This download is a cumulative update which incorporates all updates from prior months. Therefore you do not need to download and install previous monthly updates.

The Updates in this rollup package are arranged in the following way:

  • The downloads in WindowsEmbeddedStandard folder are applicable to Windows Embedded Standard 2009 toolkit and images.
    • The downloads in the WindowsEmbeddedStandard\Windows folder are only to be used with the Component Database within the Target Designer toolkit in the Windows Embedded Standard release.
    • The downloads in the WindowsEmbeddedStandard\DQI folder contains individual updates for use with Desktop QFE Installer only. Use these updates to individually update the Windows Embedded Standard 2009 image.
  • The downloads in WindowsXPEmbedded folder are applicable to Windows XP Embedded toolkit and images.
    • The downloads in the WindowsXPEmbedded\Windows folder are only to be used with the Component Database within the Target Designer toolkit in the Windows XP Embedded release.
    • The downloads in the WindowsXPEmbedded\DQI folder contains individual updates for use with Desktop QFE Installer only. Use these updates to individually update the Windows XP Embedded image.

The April Security updates include:

  • 958690 - Vulnerabilities in Windows Kernel Could Allow Remote Code Execution
  • 960225 - Vulnerability in SChannel Could Allow Spoofing
  • 960477 - Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
    • Note: KB960477 is a master KB that encompasses KB923561.
  • 961373 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
  • 959454 - Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
    • Note: KB959454 is a master KB that encompasses KB952004 and KB956572
  • 960803 - Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
  • 963027 - Cumulative Security Update for Internet Explorer (963027)
  • 959426 - Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

For full details on the April 2009 Embedded Windows Security Updates see the ECE site:

https://ece.partners.extranet.microsoft.com/ece/Embedded/Products/ProductSupplements/Embedded/XPE/XPEMonthlyUpdates/DisOEM-Apr09XPEandWES2009SecUpds.htm

If you have questions on accessing the ECE, please email MS Mobile & Embedded Communications Feedback & Support, ECE@microsoft.com.

Thanks,

- Patrick

Technorati Tags: Xpe,Standard 2009

Comments

  • Anonymous
    May 01, 2009
    PingBack from http://asp-net-hosting.simplynetdev.com/april-2009-security-updates-are-now-available-on-the-ece/

  • Anonymous
    June 03, 2009
    KB960477- I wonder if WRITE.EXE and WRITE.HLP from WFW3.11 are vulnerable. I put them on my system (in C:WINDOWS) and pointed *.WRI files to open using Write. It seems to work fine on XP Pro. If the text converters are the problem I'd think WFW 311 WRITE.EXE will be OK.(Win9x Write uses the converters) MSO Word 2007 gives a nice scary warning now when opening *.WRI files and I don't want to install Word Viewer on top of a full MSO installation.

  • Anonymous
    June 03, 2009
    Are you doing this on an XP Embedded or Windows Embedded Standard 2009 system? Office products like Word are not licensed for use on Embedded.

  • Anonymous
    June 03, 2009
    I apologize. I posted here in the wrong place. I am not dealing with an embedded system, just a normal XP Pro install. I did a custom (re)install. As a courtesy I usually look at older programs (espesially 16 bit) if I have time after a service pack release before releasing a computer I install. I noticed the "read me" file did not work for one of these program, then fished around and found it was due to the cumulative security update. I put the WFW 3.1 Write on the system, and searched MSDN blogs for KB960477. This KB didn't get a lot of notice, I think 3 hits total. I was intending to fish and see if I defeated the purpose of the update, or if I'm OK here.