EDIS SERVICE SECURITY
Measures taken to address the CPU vulnerabilities relating to (CVE-2017-5754, CVE-2017-5753 and CVE-2017-5715
Update As Of: 2018/02/05 4:30 PM PST
The EDIS application infrastructure is provided by AWS, the development and testing environments pose no risk to customers. The production infrastructure does require risk mitigation. The production infrastructure consists of :
Action taken to address any know vulnerabilities in the EDIS infrastructure
EC2 instances for compute
All instances across the Amazon EC2 fleet are protected from all known instance-to-instance concerns of CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. This issue has been addressed for AWS hypervisors, and no instance can read the memory of another instance, nor can any instance read AWS hypervisor memory.
While all instances are protected as described above AWS has recommended actions for Amazon EC2. We deem the risk to the service and data to be low, as such the the recommended patches will be applied during the March 2018 maintenance window.
RDS databases services
AWS has finished protecting all infrastructure underlying RDS, process-to-kernel or process-to-process concerns of this issue do not present a risk to EDIS. No further action will be required for the RDS services.