2015/07/21 - 12:35 PM PST - Update
AWS Elastic Beanstalk
We have updated all Elastic Beanstalk Windows containers per MS15-JULY, as described at https://technet.microsoft.com/en-us/library/security/ms15-jul.aspx.
Steps to migrate your existing environment to the updated version:
1. Log in to the AWS Management Console and select Elastic Beanstalk from the list of services.
2. Find the application you want to migrate and then click the Action button next to the application name.
3. In the drop-down menu, select Clone Environment.
4. In the Clone Environment screen, click Clone.
(Elastic Beanstalk will select the updated version of your current platform for the new environment.)
5. Once the environment clone has finished, test your application to make sure that it works as expected.
6. On the new environment’s overview screen, click Action and then click Swap Environment URLs
7. On the swap URL screen, select the old environment that you want to swap URLs with and then click Swap.
8. Once the swap is complete, the new environment will be serving traffic.
The default versions of all Windows containers have been updated to point to the new version. For more information, please see Supported Platforms.
-----------------------------------------------------------------------------
2015/07/20 - 2:30 PM PST
Microsoft has announced a vulnerability (MS15-078) in the Microsoft Font Driver that could allow for remote code execution affecting all supported versions of the Windows operating system. This vulnerability may allow an attacker to remotely gain control over a user’s system if a user opens a specially crafted document or if the user visits an untrusted webpage that contains embedded OpenType fonts. With the exception of the services listed below, we have been able to verify that the AWS services are unaffected.
AWS Elastic Beanstalk
We are currently investigating.
Workspaces
We are actively patching the default workspace image that is used on initial launch. Workspaces by default have Windows Autoupdate enabled, so customers that have not changed the autoupdate settings will not need to take action. We will update this bulletin when patches are complete.
Customers can follow the steps to update immediately here:
http://windows.microsoft.com/en-US/windows/help/windows-update
Detailed information about the vulnerability, including Microsoft instructions for updating to address this vulnerability, is available here:
https://technet.microsoft.com/library/security/ms15-078
AWS customers running Windows instances on EC2 Windows or Workspaces, and who have not enabled the automatic software updating feature within Windows, should manually install the necessary update by following the instructions here:
http://windows.microsoft.com/en-US/windows/help/windows-update
AWS customers running Windows instances on EC2 Windows or Workspaces, and who have enabled the automatic software updating feature within Windows, are not required to take immediate actions. Windows autoupdate should download and install the necessary update which will subsequently address this vulnerability. Instructions on how to ensure automatic updating is enabled are here:
http://windows.microsoft.com/en-US/windows/help/windows-update
Microsoft provides additional guidance about automatic software update configuration options for Windows here:
http://support.microsoft.com/kb/294871
We will continue to update this Security Bulletin.