Publication Date: 2023/10/06 03:00 PM PDT
AWS recently identified an issue in Amazon WorkSpaces Windows Client versions 5.9.0 and 5.10.0 which resulted in unintentionally logging connection debugging information to a user's local system. This may include usernames or passwords if they contain specific characters: \ (backslash) or " (double quotes). Amazon WorkSpaces Windows Client version 5.12.0 resolves this issue and will automatically delete the logs generated from versions 5.9.0 and 5.10.0. Windows Client version 5.11.0 also includes a fix for this issue, however we recommend updating to 5.12.0 because it includes additional optimizations..
AWS has proactively communicated with the customers using these impacted versions. AWS has also communicated directly to the small number of customers where password rotation might be needed.
If you have any questions or concerns about these updates, please reach out to AWS Support. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.