
AWS accelerates instance reboots in anticipation of research findings - tomchuk
I had some instances that I hadn&#x27;t manually restarted, scheduled for reboot on Friday and Saturday. Just received this email:<p>We previously advised you of important security and operational updates which will require a reboot of one or more of your Amazon EC2 instances in the US-EAST-1 region. Unfortunately, we must accelerate the planned reboot times for these instances given anticipated publication of new research findings.<p>The new maintenance window has been scheduled between January 4, 2018 at 8:00 AM UTC (12:00AM PST) and January 4, 2018 at 2:00 PM UTC (6:00AM PST) during which the EC2 service will automatically perform the required reboot. During the maintenance window, the affected instance will be unavailable for a short period of time as it reboots. We will be performing this maintenance in a single Availability Zone of each Region at a time. For more information on EC2 maintenance, please see our documentation here: https:&#x2F;&#x2F;aws.amazon.com&#x2F;maintenance-help&#x2F; .<p>To avoid your scheduled reboot, you are able to reboot this instance any time prior to the maintenance window. More details on rebooting your instances yourself can be found here: 
https:&#x2F;&#x2F;docs.aws.amazon.com&#x2F;AWSEC2&#x2F;latest&#x2F;UserGuide&#x2F;ec2-instance-reboot.html<p>To see which of your instances are impacted, please visit the &#x27;Events&#x27; page on the EC2 console to view your instances that are scheduled for maintenance:<p>https:&#x2F;&#x2F;us-east-1.console.aws.amazon.com&#x2F;ec2&#x2F;v2&#x2F;home?region=us-east-1#Events<p>Sincerely, 
Amazon Web Services
======
otterley
Security bulletin now available: [https://aws.amazon.com/security/security-
bulletins/AWS-2018-...](https://aws.amazon.com/security/security-
bulletins/AWS-2018-013/)

------
ddorian43
Can't this be disabled somehow for internal servers only ? Say disabling it on
db servers but keep it on api/web servers.

~~~
tomchuk
They're doing this so you (or other shared tenants) can't read your VMs or the
host's memory (and vice versa).

~~~
ddorian43
What about on dedicated servers ? Is there a config that can be done ?

------
devin
I don't think this is a dupe. This notice of reboots is not publicized at all
in the other post.

------
dajohnson89
any ideas what those findings are?

~~~
wlesieutre
[https://googleprojectzero.blogspot.com/2018/01/reading-
privi...](https://googleprojectzero.blogspot.com/2018/01/reading-privileged-
memory-with-side.html)

We have discovered that CPU data cache timing can be abused to efficiently
leak information out of mis-speculated execution, leading to (at worst)
arbitrary virtual memory read vulnerabilities across local security boundaries
in various contexts.

Variants of this issue are known to affect many modern processors, including
certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models,
we have exploits that work against real software. We reported this issue to
Intel, AMD and ARM on 2017-06-01 [1].

So far, there are three known variants of the issue:

    
    
        Variant 1: bounds check bypass (CVE-2017-5753)
        Variant 2: branch target injection (CVE-2017-5715)
        Variant 3: rogue data cache load (CVE-2017-5754)

------
unquietcode
aka "LOL zero day exploit needs to be patched ASAP thx"

~~~
tristanj
It's not a zero-day exploit.

~~~
VikingCoder
There's no way of knowing if this was exploited in the wild before it was
discovered and mitigated. If it was, then it was a zero-day exploit.

~~~
tristanj
By this logic, all exploits for publicly released software, patched or
unpatched, could be zero-day exploits. That would make the term rather
meaningless, IMHO.

