The December 2009 Security Updates For Runtimes Are Now Available on the ECE

The December 2009 Windows XP Embedded and Windows Embedded Standard 2009 Security Updates - Product Download is now available on the ECE for Windows® Embedded Standard 2009 (WES 2009) and/or Microsoft® Windows® XP Embedded (XPe) with Service Pack 2, Feature Pack 2007, Update Rollup 1.0 and Service Pack 3.

This download is a cumulative update which incorporates all updates from prior months. Therefore you do not need to download and install previous monthly updates. These updates can be applied directly to runtimes that include the necessary dependencies.

The December Security updates include:

  • KB 976098 - December 2009 cumulative time zone update for Microsoft Windows operating systems 
  • KB 974392 - Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service
  • KB 974318 - Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution
  • KB 976325 - Cumulative Security Update for Internet Explorer
  • KB 973904 - Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (Released under Master KB 975539).
  • KB 955759 - Microsoft Security Advisory (954157) Security Enhancements for the Indeo Codec
  • KB 970430 - Microsoft Security Advisory (973811) Extended Protection for Authentication
  • KB 971737 - Microsoft Security Advisory (973811) Extended Protection for Authentication

Note: KB 968389 is also included and can be applied directly to a runtime image (see Microsoft Security Advisory (973811)). This will be componentized in the February 2010 security update package.

For full details on the December 2009 Embedded Windows Security Updates see the ECE site:

Additional Details:

In Odd numbered months, the Security Supplement Update CD contains the Security DQI updates for just that current month, and cumulative Component Database updates in the \Windows folder for each supported Embedded version (SP2, Feature Pack 2007 or Update Rollup 1.0) through the previous even numbered month. In Even numbered months, the Security Supplement Update CD contains the Security DQI updates for just that current month, and the cumulative Component Database updates for each supported Embedded version, which are updated to include the previous odd numbered month, and the current even numbered month updates.

If you are servicing your existing development environment:

On the Embedded Security Supplement Update CD in the \Windows folder, there is a Component Database Update available for each supported Embedded product version (SP2, FP2007, UPR1). If you install the Component Database update applicable to the product version you are using, your database will be current with security updates up to and including the most current even month’s security updates.

If you are servicing deployed images:

Assuming you had the cumulative Component Database updates applied to your development environment  on your image creation date, you need only deliver the DQI updates for each month following your release date and have them applied directly to the image ­or you can update your development environment as described above, and deliver a new image for re-deployment. There may be other methods you employ for servicing your images, these are the two most basic approaches you can take with the updates we provide.

If you are a new developer installing XP Embedded for the first time:

Install XP Embedded up to the product version you wish to use (SP2, Feature Pack 2007 or Update Rollup 1.0). Then install the cumulative Database Component updates provided for that version from the latest Security Supplement Update CD to bring your database up to date with all security updates up to the most recent even numbered month.

Miscellaneous Optional updates:

You will also see other updates available on the ECE which are Optional Updates. These may or may not be applicable to your image and you can review the release notes for applicability to determine if you wish to implement them. These may be provided in DQI format, Component Database update format, or both.


The Security Supplement Updates were called just Supplement Updates through October 2007, when the name changed to Security Supplement Updates.

If you have questions on accessing the ECE, please email MS Mobile & Embedded Communications Feedback & Support,


- Patrick

Technorati Tags: ,
Comments (2)
  1. vdiman says:


    I am the VDI Administrator at the Army Medical Center here in El Paso, TX.  We are implementing WES 2009 and wonder how we go about getting a subscription/login to access the WES Microsoft security updates?  We are MSDN partners here at the MTF and I believe our higher command are Microsoft partnered.  We are configuring our management software to push the security updates to our clients but would like to be able to stay as current on the security updates as possible.  Thank you in advance for your assistance.


    Daniel W. Asbridge

    I.T. Specialist (INFOSEC)

    V.D.I. Administrator V.E.C. Team

    W.B.A.M.C. Information Management Division  

    Work: 915-569-1163 / Blackberry: 915-892-2045


  2. Hi,

    ECE is a site restricted to OEMs that have received an OEM ID from their distributor when they first bought the toolkit. I have forwarded your post on to the ECE folks to see if they have a record of your company having an OEM ID.


Comments are closed.

Skip to main content