Re: Embedded OS vulnerabilities and patches

[Gary Dobbins <dobbins () ND EDU>]

(As I understand it) Generally, CE is delivered through OEM's (as
distinct from end-user retail like WindowsXP), and it is they who are
usually responsible for providing updates.  The OEMs have access to
patches from MS, but may not always choose to ship an updated
composite system image.

Were MS to patch CE independently, it could break an embedded system.
 Imagine a cash register crashing because it visited
windowsceupdate.microsoft.com

  Gary Dobbins, CISSP -- Director, Information Security
  University of Notre Dame, Office of Information Technologies


Mayne, Jim wrote:
> I am being asked to install some barcode scanners that use the embedded
> Microsoft CE operating system and tcp/ip to communicate back to an
> inventory database server. I do not see any applicable patches on
> Microsoft's site nor do I remember seeing announcements of know
> vulnerabilities of the embedded Windows CE operating system. My question
> is basically how safe are these and how susceptible are they to possible
> worms targeting OS vulnerabilities?
>
> Thanks,
>
> Jim
>
> Jim Mayne
> Network Security Engineer
> Texas Christian University
> j.mayne () tcu edu
> (817) 257-6843