2015/08/19 - 11:15 AM PST
Microsoft has announced a vulnerability (MS15-093) in Microsoft Internet Explorer that could allow for remote code execution affecting Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on both Windows clients and Windows Servers. This vulnerability may allow an attacker to remotely gain control over a user’s system if the user visits a malicious webpage. With the exception of the services listed below, we have been able to verify that the AWS services are unaffected.
We are actively patching the default workspace image that is used on initial launch. Workspaces by default have Windows Autoupdate enabled, so customers that have not changed the autoupdate settings will not need to take action. We will update this bulletin when patches are complete.
Customers can follow the steps to update immediately here:
Detailed information about the vulnerability, including Microsoft instructions for updating to address this vulnerability, is available here:
AWS customers running Windows instances on EC2 Windows or Workspaces, and who have not enabled the automatic software updating feature within Windows, should manually install the necessary update by following the instructions here:
AWS customers running Windows instances on EC2 Windows or Workspaces, and who have enabled the automatic software updating feature within Windows, are not required to take immediate actions. Windows autoupdate should download and install the necessary update which will subsequently address this vulnerability. Instructions on how to ensure automatic updating is enabled are here:
Microsoft provides additional guidance about automatic software update configuration options for Windows here:
We will continue to update this Security Bulletin.