Summary
AWS addressed an issue with the Amazon EC2 VM Import Export Service where importing Windows VMs with custom Sysprep answer files resulted in an unprotected backup copy being created, potentially exposing sensitive data. The issue affected imports made before April 12, 2024, and could impact instances launched from affected AMIs.
Affected Services
Amazon EC2 VM Import Export Service
Remediation
Check for .vmimport files in specified directories, restrict access or remove the file, delete affected AMIs, and create new AMIs using the EC2 VMIE Service or EC2 API/Console after applying the fix to the instance.
Tracked CVEs
No tracked CVEs
References
Contributed by https://github.com/korniko98
Entry Status
Stub (AI-Generated)
Disclosure Date
-
Exploitablity Period
Until 2024/04/12
Known ITW Exploitation
-
Detection Methods
Search for files ending with .vmimport in specified Windows directories associated with Sysprep on imported EC2 instances or instances launched from potentially affected AMIs.
Piercing Index Rating
-
Discovered by
Immersive Labs
