AWS Security ChangesHomeSearch

AWS waf medium security documentation change

Service: waf · 2026-06-04 · Security-related medium

File: waf/latest/developerguide/aws-managed-rule-groups-changelog.md

Summary

Added changelog entry for Windows OS rule group version 2.5 with updated detection logic and rule replacement (QUERYARGUMENTS to QUERYSTRING)

Security assessment

The rule group update specifically improves detection of WindowsShell command injection attacks. Changing inspection focus from query arguments to query string indicates security logic enhancement against injection vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/aws-managed-rule-groups-changelog.md b/waf/latest/developerguide/aws-managed-rule-groups-changelog.md
index cafa4965f..d42fc0c0e 100644
--- a//waf/latest/developerguide/aws-managed-rule-groups-changelog.md
+++ b//waf/latest/developerguide/aws-managed-rule-groups-changelog.md
@@ -22,0 +23,9 @@ Rule group and rules | Description | Date
+[Windows operating system managed rule group](./aws-managed-rule-groups-use-case.html#aws-managed-rule-groups-use-case-windows-os)
+
+  * `WindowsShellCommands_HEADER`
+  * `WindowsShellCommands_URIPATH`
+  * `WindowsShellCommands_BODY`
+  * `WindowsShellCommands_QUERYARGUMENTS`
+  * `WindowsShellCommands_QUERYSTRING`
+
+|  Released static version 2.5 of this rule group.  Removed `WindowsShellCommands_QUERYARGUMENTS` and replaced it with `WindowsShellCommands_QUERYSTRING`.  Updated WindowsShellCommands rules to improve detection logic. | 2026-06-01