Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. An issue exists where, under certain circumstances, improper input validation in the FSx Windows File Server volume mounting process allows command injection through specially crafted credentials.

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration.

To remediate this issue, users should upgrade to version 1.103.0.

Impacted versions: Version 1.47.0 through 1.102.2 of the ECS Agent for Windows

This issue only impacts ECS Windows worker instances. ECS on Fargate is not affected. This issue has been addressed in ECS agent version 1.103.0. Amazon ECS recommends [upgrading](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch window-container instance.html) to the latest Amazon ECS-optimized Windows AMI with an updated ECS agent version.

Customers who cannot update to the latest AMI can restrict ecs:RegisterTaskDefinition permissions to trusted IAM principals only and restrict write access to Secrets Manager secrets referenced in FSx volume configurations.

If you have any questions or comments about this advisory, Amazon ECS asks that users contact [AWS/Amazon] Security via vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Amazon ECS would like to thank Sachin Patil for collaborating on this issue through the coordinated vulnerability disclosure process.