I was just alerted by my security team that Microsoft has released a patch in the next monthly rollup to mitigate the Petitpotam vulnerability.
A blurb in their release notes states that: "This security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface." and "Microsoft warns that installing this update may affect backup software that utilizes the EFS API OpenEncryptedFileRaw(A/W) function."
Will this affect Veeam in any way?
-
JHuston
- Enthusiast
- Posts: 36
- Liked: 5 times
- Joined: May 29, 2018 1:06 pm
- Full Name: Jeff Huston
- Contact:
-
Gostev
- Chief Product Officer
- Posts: 31561
- Liked: 6725 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Petitpotam vulnerability patch released may affect backup software?
Based on this, image-level backups obviously should not be affected. So vast majority of our customers have nothing to worry about.
At a first sight, it seems that any possible impact would be limited to Veeam Agent for Windows (file-level backup mode) and Veeam Backup & Replication (NAS backup functionality) when those are set to protect files hosted on EFS volumes. So these will need to be tested once the patch is available.
At a first sight, it seems that any possible impact would be limited to Veeam Agent for Windows (file-level backup mode) and Veeam Backup & Replication (NAS backup functionality) when those are set to protect files hosted on EFS volumes. So these will need to be tested once the patch is available.
Who is online
Users browsing this forum: Bing [Bot], Semrush [Bot] and 112 guests