August 2007 Monthly Security Updates are Now Available on the ECE

The August 2007 Windows XP Embedded Monthly Security Updates are now available on the Mobile & Embedded Communications Extranet (ECE) for Microsoft® Windows® XP Embedded Service Pack 2, Feature Pack 2007, and Update Rollup 1.0. This supplement includes updates for both the Desktop QFE Installer (DQI) Tool and the Component Database.

The following updates are included in this release – please see the ECE for more details:
· KB 939373 Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution
· KB 925398 Vulnerability in Windows Media Format Could Allow Remote Code Execution
· KB 936021 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
· KB 921503 Vulnerability in OLE Automation Could Allow Remote Code Execution
· KB 937143 Cumulative Security Update for Internet Explorer
· KB 938829 Vulnerability in GDI Could Allow Remote Code Execution
· KB 936782 Vulnerability in Windows Media Player could allow remote code execution.
· KB 933360 August 2007 cumulative time zone update for Microsoft Windows
· KB 929123 Cumulative Security Update for Outlook Express and Windows Mail - URL Redirect Cross Domain Information Disclosure Vulnerability
· KB 935839 Vulnerability in Win 32 API Could Allow Remote Code Execution
· KB 935840 Vulnerability in SChannel could allow Remote Code Execution
· KB 928365 Vulnerabilities in .NET Framework Could Allow Remote Code Execution
· KB 938127 Vulnerability in Vector Markup Language Could Allow Remote Code
· KB 923689 Vulnerability in Windows Media Format Could Allow Remote Code Execution

Please note that the Component Database version of KB938127 UPR1 will be available in October- this is to accommodate testing for the later IE version used by UPR1. This release also includes UPR1 Component Database updates for June, July and August, bringing UPR1 updates current. The IE rollup from June has been superseded by the IE rollup package included in this August release. Lastly, please note that as previously announced on the blog,, an optional software update was also made available this month from the Embedded Product Group. Moving forward in even numbered months, you can expect to see more optional software updates made available in the same time frame as the Security Updates. You can review the optional software updates to see if they contain items that would be useful for your images.

The August 2007 Windows XP Embedded Monthly Security Updates are available at the following link on the ECE:
https://ece.partners.extranet.microsoft.com/ece/ProductDownloads/TheDownloads/Embedded/XPE/XPEMonthlyUpdates/Aug07XPEmbeddedSecurityUpdates.htm

If you have questions on accessing the ECE, please email MS Mobile & Embedded Communications Feedback & Support, ECE@microsoft.com.

-Katy