Skip to main content
  • EN

It shouldn’t be news to you that Veeam B&R had 2 critical vulnerabilities (CVSS 9.8/8.8) in March 2022. Patches were released for v10a and v11a at that time.

Here’s the corresponding KB article and a post from @Iams3le:

Veeam KB4288

If you haven’t updated yet, then here’s another good reason.

Last week the Cybersecurity & Infrastructure Security Agency (CISA) added both vulnerabilites to their known exploit catalog. This means that attackes are now actively exploiting the vulnerabilities and targeting environments which use Veeam B&R.

CISA Known Exploited Vulnerabilites Catalog

 

I hope you don’t need more reasons to keep your Veeam installation up-to-date? Please also keep in mind that any other Veeam build below v10 is also affected. But as those are already End of Fix/Support, they didn’t receive any patches.

Time to get patching if you have not already.  We patched as soon as these came out.

all my Veeam Infrastructures are patched to the latest version 11a (build 11.0.1.1261 P20220302), I wait 2 months before installing it. 🙂 ;) 

Time to get patching if you have not already.  We patched as soon as these came out.

Same here. Patched as soon as we were made aware. 

I am confused by the above comment from Link, vs kb4288.


The kb indicates that 11a itself (11.01.1261.P20220302) does not include the patch for these vulns. So just having 11a does not do the job. Correct? Our warning from DoD says 

Patches are available for Veeam Backup and Replication version 11a (build 11.0.1.1261 P20220302) and version 10a (build 10.0.1.4854 P20220304).5 Veeam does not intend to release a fix for 9.5 and advises users to upgrade to a supported version.”

 

thanks!

I am confused by the above comment from Link, vs kb4288.


The kb indicates that 11a itself (11.01.1261.P20220302) does not include the patch for these vulns. So just having 11a does not do the job. Correct? Our warning from DoD says 

Patches are available for Veeam Backup and Replication version 11a (build 11.0.1.1261 P20220302) and version 10a (build 10.0.1.4854 P20220304).5 Veeam does not intend to release a fix for 9.5 and advises users to upgrade to a supported version.”

 

thanks!

The comment from Link and KB URL does indicate that these are patched in the build referenced for 11a and v10a.  Anything below this is not patched.

Comment


Terms & Conditions