The September 2010 Security Updates are now available on the ECE site for Windows® Embedded Standard 2009 and/or Microsoft® Windows® XP Embedded with Service Pack 2, Feature Pack 2007, Update Rollup 1.0 and Service Pack 3.
This security update can be applied directly to runtime images.
The September Security Updates include:
- KB981322 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution
- KB982802 Vulnerability in Remote Procedure Call Could Allow Remote Code Execution
- KB2121546 Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege
- KB2259922 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution
- KB2290570 Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution
- KB2347290 Vulnerability in Print Spooler Service Could Allow Remote Code Execution
- KB975558 Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution
- KB2124261 Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution
This update also includes a re-release of the componentized August Security Updates for the XP Embedded SP3 with IE7WMP11 and Windows Embedded Standard 2009 with IE7WMP11, to fix an issue with upgrading .slx files when the original August Security Updates were included in the database.
The file name is appended with "-v2" to indicate the file is a re-release of the original updates. The revised updates, once applied to the XP Embedded SP3 IE7WMP11 or Windows Embedded Standard 2009 database will override the original August Security Updates shipped in August.
If you have questions on accessing the ECE, please email MS Mobile & Embedded Communications Feedback & Support, ECE@microsoft.com.