Developer update for Windows CE closes critical holes
Microsoft has released an update for its Windows CE 5.0 developer environment that fixes vulnerabilities in functions for processing JPEG and GIF image files. The holes allow attackers to execute arbitrary code remotely via manipulated web pages if the user loads them with the embedded browser.
Redmond advises CE developers to install Windows CE 5.0 Platform Builder Monthly Update (February 2008) as soon as possible, and then recompile the operating system in order to fix the error. End users will have to wait until device manufacturers react and incorporate the update into their operating systems. Users who have a device that uses the Windows CE operating system should check regularly with their vendor for OS or firmware updates and install these once they become available.
(mba)