Amazon · ECS Agent · CVE-2026-7461
**Name of the Vulnerable Software and Affected Versions**
Amazon ECS Agent on Windows versions prior to 1.103.0
**Description**
Improper neutralization of inputs used in an OS command within the FSx Windows File Server volume mounting component allows a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host. This is achieved by using a specially crafted `username` field in an ECS task definition. Exploitation requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration.
**Recommendations**
Upgrade to version 1.103.0.
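Because the `username` value can also arrive through the Secrets Manager or SSM Parameter Store credentials, those stored values can be audited with a strict allow-list. The Go sketch below is an added example, not code from the ECS Agent or its fix. It assumes the credential is a JSON document with a `username` key; the name `CheckFSxCredential` and the allow-list pattern are hypothetical and deliberately stricter than what Active Directory accepts.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
)

// Conservative allow-list (an assumption, not the agent's own check):
// optional DOMAIN\ prefix, an account name, optional @realm suffix.
var safeUsername = regexp.MustCompile(`^([A-Za-z0-9.-]{1,255}\\)?[A-Za-z0-9._-]{1,64}(@[A-Za-z0-9.-]{1,255})?$`)

// fsxCredentials is the assumed JSON shape of the stored credential.
// The password is deliberately not decoded; only the username is inspected.
type fsxCredentials struct {
	Username string `json:"username"`
}

// CheckFSxCredential parses a credential document and returns the username
// only if it matches the allow-list; anything else is reported as an error.
func CheckFSxCredential(raw []byte) (string, error) {
	var c fsxCredentials
	if err := json.Unmarshal(raw, &c); err != nil {
		return "", fmt.Errorf("credential is not valid JSON: %w", err)
	}
	if c.Username == "" {
		return "", errors.New("username is missing or empty")
	}
	if !safeUsername.MatchString(c.Username) {
		// %q escapes control characters so the finding is safe to log.
		return "", fmt.Errorf("username %q has characters outside the allow-list", c.Username)
	}
	return c.Username, nil
}

func main() {
	// Constructed sample credential documents, not taken from a real account.
	samples := []string{
		`{"username":"svc-fsx","password":"x"}`,
		`{"username":"CORP\\svc-fsx","password":"x"}`,
		`{"username":"svc-fsx & echo x","password":"x"}`,
	}
	for _, s := range samples {
		u, err := CheckFSxCredential([]byte(s))
		fmt.Printf("user=%q err=%v\n", u, err)
	}
}
```

Account names that legitimately contain spaces or other punctuation will be flagged by this pattern and need manual review.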