No matter how carefully engineered the services are, from time to time it may be necessary to notify customers of security and privacy events with AWS services. We will publish security bulletins below. You can also subscribe to our Security Bulletin RSS Feed to keep abreast of security announcements.

Date Type Subject
June 29, 2015 Informational Update on AWS's Switch to SHA256 for SSL Certificates
May 13, 2015 Informational AWS to Switch to SHA256 Hash Algorithm for SSL Certificates
May 12, 2015 Informational XSA Security Advisory CVE-2015-3456 "VENOM"
March 19, 2015 Informational OpenSSL Security Advisory - March 2015
March 10, 2015 Important XSA Security Advisories
March 3, 2015 Important SSL Issue "FREAK Attack"
January 27, 2015 Important CVE-2015-0235 Advisory (Ghost)
January 20, 2015 Important Oracle Critical Patch (January 2015)
January 08, 2015 Informational OpenSSL Security Advisory (January)
November 24, 2014
Amazon RDS - Oracle Security Advisory
November 11, 2014 Important MS14-066 Advisory
October 17, 2014
Amazon RDS – MySQL Security Advisory
October 14, 2014 Important CVE-2014-3566 Advisory (POODLE)
October 01, 2014 Informational XSA Security Advisory 108
September 24, 2014 Important CVE-2014-6271 Advisory
June 05, 2014 Informational OpenSSL Security Advisory
May 29, 2014 Informational Possible Insecure Elasticsearch Configuration
April 08, 2014 Important HeartBleed Bug Update
April 08, 2014 Important AWS Services Updated to Address OpenSSL Vulnerability
April 08, 2014
RDS PostgreSQL Updated to Address OpenSSL Vulnerability
April 07, 2014 Important HeartBleed Bug Concern
May 23, 2013 Important Red Hat and Other Third-party Public AMIs Security Concern
November 02, 2012 Important Reported SSL Certificate Validation Errors in API Tools and SDKs
September 11, 2012 Informational Xen Security Advisories
June 15, 2012 Important Microsoft Windows RDP Vulnerability
June 12, 2012 Informational Xen Security Advisories
March 13, 2012 Important Microsoft Windows RDP Vulnerability
October 23, 2011 Important JBoss Worm Spreading via Unpatched or Unsecured JBoss Application Server
October 20, 2011 Informational Reported SOAP Request Parsing Vulnerabilities
August 31, 2011 Important Morto Worm Spreading via Remote Desktop Protocol
June 04, 2011 Informational Reminder about Safely Sharing and Using Public AMIs
February 18, 2011 Important Windows CIFS Browser Protocol Heap Corruption Vulnerability
September 22, 2010 Important Amazon Payments Signature Validation
September 18, 2010 Important Linux kernel IA32 System Call Emulation Vulnerability
August 10, 2010 Informational Possible Insecure memcached Configuration
July 13, 2010 Informational Gmail Accounts Accessed by EC2 IPs
April 18, 2010 Informational SIP abuse
December 12, 2009 Informational Zeus Botnet Controller
December 03, 2009 Informational SSL and TLS renegotiation vulnerabilities
November 05, 2009 Informational Linux 2.6 kernel vulnerability in certain EC2 AMIs
October 13, 2009 Informational UDP traffic to EC2 instances
September 29, 2009 Informational Linux kernal vulnerability in certain EC2 AMIs
September 17, 2009 Informational MIT and UC San Diego researchers publish report

If you are a security researcher and wish to communicate with us, please read our Vulnerability Reporting process to learn how to contact us via email. A PGP key is available to protect your communications with us.

Customers can report suspected abuse via the contacts available here: