
Urgent Veeam Security Update


VMsources

Secure Cloud and Business Continuity

Thursday, 21 November 2024 03:19

 

Hello,

 

Normally, I won't send an email more than once a month; however, I have received an important notification from Veeam about a discovered vulnerability and an update to correct the problem. This doesn’t happen very often (it’s never happened before); however, we recommend that you update Veeam ASAP.

 

If you are a VMsources managed-backup customer, rest at ease. We applied updates to all managed VBR servers beginning the moment we received the notification from Veeam.

 

If you have your own Veeam Backup and Replication servers, it is important to update them right away!

 

Your Business Continuity Specialist,

 

John Borhek

CEO, Lead Solution Architect

VMsources Group Inc.

Mobile: +1 928.606.0483

Direct-dial office: +1 928.864.0850

Email: john@vmsources.com

Website: https://vmsources.com


1. Veeam notification

"Hello,

 

We are writing to inform you that a vulnerability has been discovered within a Veeam® Backup & Replication™ component that could allow an unauthenticated user to request encrypted credentials that could lead to them gaining access to backup infrastructure hosts. This affects all Veeam Backup & Replication versions.

 

We have developed patches for V11 and V12 to mitigate this vulnerability and we recommend you update your installations immediately. You can access the patches and instructions at https://www.veeam.com/kb4424. If you are not the current manager of your Veeam environment, please forward this email to the proper person. If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can also block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.

 

Veeam has a long-standing commitment to ensuring our products protect customers from any potential risk. As part of this, we run a Vulnerability Disclosure Program (VDP) for all our products. In mid-February, a security researcher identified and reported this vulnerability for Veeam Backup & Replication v11 and v12 with a CVSS score of 7.5, indicating high severity. We immediately reviewed and confirmed the vulnerability and developed an update that resolves the issue.

 

If you have any questions, don’t hesitate to contact Veeam support: https://my.veeam.com/#/open-case/step-1


Thank you,

Veeam Customer Support"
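
The temporary remediation mentioned in the notification above (blocking inbound TCP 9401 on an all-in-one backup server), shown as an added PowerShell example for Windows Defender Firewall. It is not from Veeam or from the original newsletter; the rule name is a made-up label, and the script assumes an elevated session on the VBR server itself.

```powershell
#Requires -RunAsAdministrator
# Added example: temporary block of inbound TCP 9401 until the patch is installed.
# Only appropriate for an all-in-one server with no remote backup infrastructure components.

$Port     = 9401                                    # port named in the Veeam notification
$RuleName = 'TEMP - Block inbound TCP 9401 (VBR)'   # hypothetical rule name, pick your own

# 1. Confirm something is actually listening on the port on this host.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on TCP $Port. Is this the backup server?"
}
else {
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
}

# 2. Look for established sessions from other hosts. If any exist, remote
#    components are talking to this port and a block rule would cut them off.
$local = @('127.0.0.1', '::1')
$remotePeers = Get-NetTCPConnection -LocalPort $Port -State Established -ErrorAction SilentlyContinue |
    Where-Object { ($_.RemoteAddress -notin $local) -and ($_.RemoteAddress -ne $_.LocalAddress) }

if ($remotePeers) {
    Write-Warning "Remote hosts are connected to TCP $Port. Not creating the block rule; patch instead."
    $remotePeers | Select-Object -ExpandProperty RemoteAddress -Unique
    return
}

# 3. Create the block rule once (safe to re-run). An explicit block rule
#    takes precedence over any existing allow rule for the same port.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
                        -Direction Inbound `
                        -Protocol TCP `
                        -LocalPort $Port `
                        -Action Block `
                        -Profile Any | Out-Null
}

# 4. Verify the rule is present and enabled.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action | Format-Table -AutoSize

# 5. After the patch is installed and verified, remove the temporary rule:
# Remove-NetFirewallRule -DisplayName $RuleName
```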


2. Update process

The updates ran very smoothly (for us) and we experienced very few issues during the process. Your experience may vary; however, we don't foresee many issues in applying the update.

 

  1. Disable all VBR Jobs and wait for them to complete gracefully
  2. Reboot the VBR server
  3. Install the update
  4. Reboot the VBR server (this is not required, but we found it to be necessary)
  5. Log in to the VBR Console
  6. Update remote components (usually happens automatically)
  7. Check iSCSI and other external mounts
  8. Look at the "Backup Infrastructure" section of VBR for any "unavailable" components
  9. Enable all jobs and start a job to test

