Comprehensive data protection for all workloads
Post Reply
iDeNt_5
Service Provider
Posts: 70
Liked: 23 times
Joined: Feb 09, 2024 5:34 pm
Full Name: Matteo Fringuelli
Contact:

Info about vulnerability resolved in VBR build 12.3.2.4854

Post by iDeNt_5 »

Hi all,

I read in the KB https://www.veeam.com/kb4869 the following note: This vulnerability only impacts domain-joined backup servers.

I'm wondering if also in the following scenario the patch could be useful to fix possible Veeam affected components (since I saw, for example, that the Transport Service on all servers/clients connected to the VBR is being updated with this patch):
- VBR NOT domain joined
- Veeam Proxies on Windows domain joined

Thanks.
iDeNt_5
Service Provider
Posts: 70
Liked: 23 times
Joined: Feb 09, 2024 5:34 pm
Full Name: Matteo Fringuelli
Contact:

Re: Info about vulnerability resolved in VBR build 12.3.2.4854

Post by iDeNt_5 »

No one can answer this question?
Mildur
Product Manager
Posts: 11986
Liked: 3402 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Info about vulnerability resolved in VBR build 12.3.2.4854

Post by Mildur » 1 person likes this post

Hi Matteo

I will clarify it.

Best,
Fabian
Product Management Analyst @ Veeam Software
iDeNt_5
Service Provider
Posts: 70
Liked: 23 times
Joined: Feb 09, 2024 5:34 pm
Full Name: Matteo Fringuelli
Contact:

Re: Info about vulnerability resolved in VBR build 12.3.2.4854

Post by iDeNt_5 »

Hi Fabian,

Any news?

Thanks.
iDeNt_5
Service Provider
Posts: 70
Liked: 23 times
Joined: Feb 09, 2024 5:34 pm
Full Name: Matteo Fringuelli
Contact:

Re: Info about vulnerability resolved in VBR build 12.3.2.4854

Post by iDeNt_5 »

I think this could be helpful also for some future updates that would only affect the VBR if it's domain joined, or at least it should be a good hint to add a note if it regards just the VBR or all other Veeam Infrastructure servers, depending on whether they are domain joined or not.
Mildur
Product Manager
Posts: 11986
Liked: 3402 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Info about vulnerability resolved in VBR build 12.3.2.4854

Post by Mildur »

Hi Matteo

Still working on it.

Our recommendation is to update to v13.0.2 as soon you can, since this type of vulnerability discussed in this topic does not exist anymore in v13 to design changes in our code.

If you can‘t upgrade to v13 yet, make sure to deploy the latest v12.3.2 update.

Best,
Fabian
Product Management Analyst @ Veeam Software
iDeNt_5
Service Provider
Posts: 70
Liked: 23 times
Joined: Feb 09, 2024 5:34 pm
Full Name: Matteo Fringuelli
Contact:

Re: Info about vulnerability resolved in VBR build 12.3.2.4854

Post by iDeNt_5 »

Hi Fabian,

Sure, I understand, but there are customers for which isn't possible to upgrade to v13, basically because they have a plenty of unusupported OS where the Guest Interaction is enabled (or the Veeam Agent is installed in).

I look forward for your update.

Thanks.
Mildur
Product Manager
Posts: 11986
Liked: 3402 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Info about vulnerability resolved in VBR build 12.3.2.4854

Post by Mildur »

Hi Matteo,

Then I recommend upgrading at least to the latest patch of v12.3.2.

Keep in mind that v12 reaches end of life in February next year — meaning no security fixes after February. I’d recommend starting the conversation with your customers about moving to a supported OS/platform. I assume these “unsupported OS” versions are also already out of support with the OS vendor, correct?

Best,
Fabian
Product Management Analyst @ Veeam Software
iDeNt_5
Service Provider
Posts: 70
Liked: 23 times
Joined: Feb 09, 2024 5:34 pm
Full Name: Matteo Fringuelli
Contact:

Re: Info about vulnerability resolved in VBR build 12.3.2.4854

Post by iDeNt_5 »

Hi Fabian,

I already installed the latest patch on all customers with the VBR domain-joined, plus one that has VBR not domain-joined but with the other Veeam Infrastructure Servers domain-joined, just to prevent any possible risks, meanwhile I'm still waiting for your confirmation regarding any future similar update scenarios.

Yes, you're right about the OS vendor EoS question, but in some corner cases the migration to a new supported one is not that easy and smooth, since there are some implications with external applications providers.

I also know the Veeam Lifecycle Policy and I already informed all customers about that.

Thanks.
Post Reply

Who is online

Users browsing this forum: Bing [Bot], Semrush [Bot] and 686 guests