Educause Security Discussion mailing list archives
Re: Embedded OS vulnerabilities and patches
From: Gary Dobbins <dobbins () ND EDU>
Date: Thu, 20 Jul 2006 17:34:07 -0400
(As I understand it) Generally, CE is delivered through OEM's (as distinct from end-user retail like WindowsXP), and it is they who are usually responsible for providing updates. The OEMs have access to patches from MS, but may not always choose to ship an updated composite system image. Were MS to patch CE independently, it could break an embedded system. Imagine a cash register crashing because it visited windowsceupdate.microsoft.com Gary Dobbins, CISSP -- Director, Information Security University of Notre Dame, Office of Information Technologies Mayne, Jim wrote:
I am being asked to install some barcode scanners that use the embedded Microsoft CE operating system and tcp/ip to communicate back to an inventory database server. I do not see any applicable patches on Microsoft's site nor do I remember seeing announcements of know vulnerabilities of the embedded Windows CE operating system. My question is basically how safe are these and how susceptible are they to possible worms targeting OS vulnerabilities? Thanks, Jim Jim Mayne Network Security Engineer Texas Christian University j.mayne () tcu edu (817) 257-6843
Current thread:
- Embedded OS vulnerabilities and patches Mayne, Jim (Jul 20)
- <Possible follow-ups>
- Re: Embedded OS vulnerabilities and patches Gary Dobbins (Jul 20)