Amazon said Monday that 99.9 percent of its EC2 cloud instances will receive a live update to patch a Xen security hole and avoid a reboot.
AWS is moving to get ahead of a Xen Security Advisory that is expected to be detailed March 10. Before the Xen security issue is documented publicly AWS and other cloud providers need to patch it. Xen is a hypervisor deployed in many cloud providers.
The cloud reboot issue surfaced in September as service providers had to deal with another Xen security issue. At the time, cloud customers were miffed about the reboot and impact to their businesses. However, AWS fared better than others with the cloud reboot.
On Friday, AWS told customers that less than 10 percent of its EC2 instances would have to be rebooted. Nevertheless, a reboot would be required. The update on Monday alleviated customer concerns. Amazon said:
Since we posted the information below, our team has been working around-the-clock to find ways to minimize the impact for those requiring a reboot. We're happy to share that we'll now be able to live-update the vast majority of our older hardware for this Xen Security Advisory.
RightScale CEO Michael Crandell said AWS customers aren't likely to have to fret about future Xen patches. Crandell said:
The number of instances needing to be rebooted in our own RightScale account on AWS went from 324 to one. In addition, our customers using AWS will also see minimal impact. This is great news for AWS users and may mean that AWS can avoid customer impact from future Xen vulnerabilities.