https://aws.amazon.com/security/security-bulletins/
Latest Bulletins
Read our latest security bulletins here.
aws@amazon.com (Amazon Web Services)
Thu, 12 Oct 2017 12:26:37 +0000

https://aws.amazon.com/security/security-bulletins/AWS-2017-011/
Xen Security Advisories - October 2017
<p><b>2017/10/12 05:00 PDT</b></p>
<p>The Xen Security team has published Security Advisories <a href="http://xenbits.xen.org/xsa/" target="_blank">236-244</a> regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.</p>
Thu, 12 Oct 2017 12:22:21 +0000

https://aws.amazon.com/security/security-bulletins/AWS-2017-010/
Xen Security Advisories - September 2017
<p><b>2017/09/12 05:00AM PDT</b></p>
<p>The Xen Security team has published Security Advisories <a href="http://xenbits.xen.org/xsa/" target="_blank">231-234</a> regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.</p>
Tue, 12 Sep 2017 12:07:53 +0000

https://aws.amazon.com/security/security-bulletins/AWS-2017-009/
Xen Security Advisories - August 2017
<p><b>2017/08/15 8:00AM PDT</b></p>
<p>The Xen Security team has published Xen Security Advisories <a href="http://xenbits.xen.org/xsa/" target="_blank">226-230</a> regarding the Xen hypervisor.
AWS customers' data and instances are not affected by this issue, and no customer action is required.</p>
Tue, 15 Aug 2017 14:51:22 +0000

https://aws.amazon.com/security/security-bulletins/AWS-2017-008/
Xen Security Advisories - June 2017
<p><b>2017/06/20 05:00 PDT</b><br /> <br /> The Xen Security team has published Xen Security Advisories <a href="http://xenbits.xen.org/xsa" target="_blank">216-225</a> regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.<br /> </p>
Tue, 20 Jun 2017 12:02:52 +0000

https://aws.amazon.com/security/security-bulletins/AWS-2017-007/
Linux Security Advisories - June 2017
<p><b>2017/06/19 12:30 PDT</b></p>
<p>We have reviewed our services for impact by the recent Linux security issues <a href="https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash" target="_blank">disclosed</a> by Qualys. With the exception of the services listed below, no customer action is required to address these issues.</p>
<p><b>Amazon Linux AMI</b></p>
<p><b>UPDATE (2017/06/19 3:00PM PDT): </b>We have released new Amazon Linux AMIs that include mitigations against these issues. These AMIs are available via the EC2 console, CLI and APIs. Instances launched using the EC2 console after 2017/06/19 11AM PDT will include mitigations against this issue. Customers running older versions of the Amazon Linux AMI should follow the instructions below to update their EC2 resources. Updated AMI IDs are available <a href="https://aws.amazon.com/amazon-linux-ami/" target="_blank">here</a>.<br /> </p>
<p><b>2017/06/19 12:30PM PDT: </b>We have updated the Linux kernel and glibc packages within the Amazon Linux repositories.
Customers with existing Amazon Linux AMI instances should run the following command to ensure they receive the updated packages, after which a reboot will be required:</p>
<p>&nbsp;&nbsp;&nbsp; <i>sudo yum update kernel glibc</i></p>
<p>We are preparing an updated version of the Amazon Linux AMI for release later today, and will update this bulletin once it is available for use. Information on the <a href="https://alas.aws.amazon.com/ALAS-2017-844.html" target="_blank">glibc</a> and <a href="https://alas.aws.amazon.com/ALAS-2017-845.html" target="_blank">kernel</a> patches is available in the <a href="https://alas.aws.amazon.com" target="_blank">Amazon Linux Security Center.</a></p>
<p><b>AWS Elastic Beanstalk</b></p>
<p><b>UPDATE (2017/06/27 5:00PM PDT)</b>: We have released updates for Linux-based Elastic Beanstalk platforms. If you have <a href="http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-platform-update-managed.html" target="_blank">Managed Platform Updates</a> enabled for your environment, it will be automatically updated to the latest platform version in your selected maintenance window and no customer action is required. You can also update immediately by going to the Managed Updates configuration page and clicking on the &quot;Apply Now&quot; button. Customers who have not enabled Managed Platform Updates can update their environment's platform by following instructions <a href="http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.platform.upgrade.html" target="_blank">here</a>.</p>
<p><b>2017/06/19 12:30PM PDT</b>: We are preparing platform updates for AWS Elastic Beanstalk. Customers who use Linux-based platforms and have enabled managed platform updates do not need to take action.
We will update this bulletin with information for customers who have not enabled managed platform updates when available.</p>
<p><b>Amazon EC2 Container Service (ECS)</b></p>
<p>We recommend that ECS customers examine their environments, and update the kernel and glibc packages on EC2 instances within an ECS cluster. If you use Amazon Linux or the Amazon ECS-optimized AMI, you can follow the directions in the &quot;Amazon Linux AMI&quot; section above. Otherwise, please consult with your operating system provider for information on updated packages.</p>
<p><b>AWS CodeBuild</b></p>
<p><b>UPDATE (2017/06/24 2:00PM PDT)</b>: We have completed updates to the CodeBuild infrastructure. No customer action is required.</p>
<p><b>2017/06/19 12:30PM PDT</b>: AWS CodeBuild is currently being updated. We will update this bulletin when the updates have completed. No customer action is required.<br /> </p>
Wed, 28 Jun 2017 00:22:26 +0000

https://aws.amazon.com/security/security-bulletins/AWS-2017-006/
Microsoft Security Bulletin MS17-010 Advisory
<p><b>2017/05/17 7:00PM PDT</b></p>
<p>AWS is aware of the WannaCry ransomware (also known as WCry, WanaCrypt0r 2.0 and Wanna Decryptor) that leverages issues in multiple versions of Microsoft Windows SMB Server. By default, SMB operates on UDP ports 137 &amp; 138, and TCP ports 139 &amp; 445. This service provides remote systems with file and print sharing capabilities. On March 14, 2017, Microsoft released a critical security update for Microsoft Windows SMB Server, which mitigates this issue. More information is available from Microsoft in the <a href="https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/" target="_blank">Microsoft MSRC blog</a> and in <a href="https://technet.microsoft.com/en-us/library/security/ms17-010.aspx" target="_blank">Microsoft Security Bulletin MS17-010</a>.
AWS services are unaffected with the exception of those listed below:</p>
<p><b>EC2 Windows</b></p>
<p>AWS customers who use the AWS-provided Windows AMIs from the 2017.04.12 release, or who have enabled automatic updates, are not affected. We encourage customers using an older AMI or who do not have automatic updates enabled to install the security update. As always, AWS recommends that customers follow security best practices, review their security group settings, and grant access to the aforementioned ports only to instances and remote hosts that require it. By default, EC2 security groups block these ports.</p>
<p>AWS's Windows AMI release notes are available <a href="http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/windows-ami-version-history.html#windows-ami-versions" target="_blank">here</a>.</p>
<p><b>WorkSpaces</b></p>
<p>WorkSpaces created on or after April 15, 2017, or that have automatic updates enabled, are not affected. We encourage customers who created their WorkSpace(s) prior to April 15, 2017, and do not have automatic updates enabled to either install the security update or to rebuild their WorkSpace.</p>
<p><b>Directory Service</b></p>
<p><b>UPDATE 2017/05/20: </b>We have completed patching of Microsoft AD customer directories. No customer action is required.</p>
<p><b>2017/05/17</b>: We are actively patching Microsoft AD directories. Customers are protected from external access by the default Directory Service configuration, which only permits access from within the customer’s VPC. We will update this bulletin when patching is complete.</p>
<p>Amazon Simple AD, AD Connector and AWS Cloud Directory are not affected by this issue.</p>
<p><b>Elastic Beanstalk</b></p>
<p>Elastic Beanstalk environments using the Windows Server platform created or updated after May 4, 2017 are not affected by this issue.
We encourage customers with existing Elastic Beanstalk Windows environments to <a href="https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.platform.upgrade.html" target="_blank">update</a> their platform version to receive the update. This can be accomplished via the AWS Management Console, or by <a href="https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-management-rebuild.html" target="_blank">rebuilding</a> the environment. Elastic Beanstalk release notes for the latest platform version are available <a href="https://aws.amazon.com/releasenotes/AWS-Elastic-Beanstalk/9659097461312231" target="_blank">here</a>.</p>
Sat, 20 May 2017 20:30:47 +0000

https://aws.amazon.com/security/security-bulletins/AWS-2017-005/
Xen Security Advisories - May 2017
<p><b>2017/05/02 05:00AM PDT</b></p>
<p>The Xen Security Team has released Xen Security Advisories <a href="http://xenbits.xen.org/xsa/advisory-213.html" target="_blank">213</a>, <a href="http://xenbits.xen.org/xsa/advisory-214.html" target="_blank">214</a> and <a href="http://xenbits.xen.org/xsa/advisory-215.html" target="_blank">215</a> regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.</p>
Tue, 02 May 2017 12:06:06 +0000

https://aws.amazon.com/security/security-bulletins/AWS-2017-004/
Xen Security Advisory 212 (XSA-212)
<p><b>2017/04/04 05:00AM PDT</b></p>
<p>The Xen Security Team has released Xen Security Advisory <a href="http://xenbits.xen.org/xsa/advisory-212.html" target="_blank">212</a> regarding the Xen hypervisor.
AWS customers' data and instances are not affected by this issue, and no customer action is required.</p>
Tue, 04 Apr 2017 12:46:51 +0000

https://aws.amazon.com/security/security-bulletins/AWS-2017-003/
Xen Security Advisory 211 (XSA-211)
<p><b>2017/03/14 05:00AM PDT</b></p>
<p>The Xen Security Team has released Xen Security Advisory <a href="http://xenbits.xen.org/xsa/advisory-211.html" target="_blank">211</a> regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.</p>
Tue, 14 Mar 2017 12:01:51 +0000

https://aws.amazon.com/security/security-bulletins/AWS-2017-002/
Xen Security Advisory 209 (XSA-209)
<p><b>2017/02/21 04:00AM PST</b><br /> <br /> The Xen Security Team has released Xen Security Advisory <a href="http://xenbits.xen.org/xsa/advisory-209.html" target="_blank">209</a> regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.</p>
Tue, 21 Feb 2017 12:06:44 +0000