• EN

Vulnerability in Veeam Backup & Replication - March 2023

Show first post

60 comments

C
Userlevel 1

I keep getting the same error to stop and disable all jobs. I have made sure there are no running jobs and have rebooted the server. Do I need to disable all jobs even if they aren’t running?

 

pgallenga
Userlevel 3
Badge

Hello everybody,

I’m having issues with one of the v11 installations after applying the patch, with errors like:

Failed to preprocess target Error: Field not found: 'Veeam.Backup.Common.COptions.RetrieveCertUseTls12Only'.  

 

Patching on other infrastructures (both v11 and v12) went smoothly.

Anyone else experiencing the same behaviour?

We are experiencing the same issues after patching our v11 infrastructure today. Just opened a support case. 

Sorry to hear about that, @dfit.

Hope it gets sorted out quickly.

Nico Losschaert
Userlevel 7
Badge +11

Thx for posting this @regnor , already patched the VCC environement and a lot of backup-servers 😄

#Veeam Legend 5* | VMCA 2* | VMCE 3* | VMTSP+ 2* | VMSP 2* | DCIE 2* | Loves Best Practices | Twitter : @NLosschaert
D

Hello everybody,

I’m having issues with one of the v11 installations after applying the patch, with errors like:

Failed to preprocess target Error: Field not found: 'Veeam.Backup.Common.COptions.RetrieveCertUseTls12Only'.  

 

Patching on other infrastructures (both v11 and v12) went smoothly.

Anyone else experiencing the same behaviour?

We are experiencing the same issues after patching our v11 infrastructure today. Just opened a support case. 

Chris.Childerhose
Userlevel 7
Badge +20

Please advise on roll back options if issues occur during patch?

If your VBR server is a VM then take a snapshot prior to the patching so you can roll back.  For a physical server you may want to install the Agent and do a backup prior.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
C
Userlevel 1

Please advise on roll back options if issues occur during patch?

wolff.mateus
Userlevel 7
Badge +11

Silly question here:

After apply patch on v11, if I update VBR to V12…

Need I apply patch again?

 

It depends when you downloaded the ISO for V12, it if was before yesterday you will need to download the patch. https://www.veeam.com/kb4420

 

Perfect!

IT Lover | Veeam Vanguard | VUG Leader | Blogger
pgallenga
Userlevel 3
Badge

Doesn't sound so good. 😐 Did you have any (private) hotfixes installed? Anything special about TLS?

Working with support to understand the possible outcomes, will update you when we have a solution of sort.

regnor
Userlevel 7
Badge +14

Doesn't sound so good. 😐 Did you have any (private) hotfixes installed? Anything special about TLS?

Max M. | Systems Engineer @Veeam | VMCE/VMCA | former Legend & Vanguard
pgallenga
Userlevel 3
Badge

I just finished a project and I already have to patch it! Glad to see the responsiveness of Veeam to fix this vulnerability

I also today updated environments, which I had upgraded just last week. That’s life 😉

@pgallengaWhere do you get this error?

In every job: backup, backup copy, SOBR, etc.

The only thing still working is the Configuration Backup 😓

regnor
Userlevel 7
Badge +14

I just finished a project and I already have to patch it! Glad to see the responsiveness of Veeam to fix this vulnerability

I also today updated environments, which I had upgraded just last week. That’s life 😉

@pgallenga Where do you get this error?

Max M. | Systems Engineer @Veeam | VMCE/VMCA | former Legend & Vanguard
Stabz
Userlevel 7
Badge +7

I just finished a project and I already have to patch it! Glad to see the responsiveness of Veeam to fix this vulnerability

Philippe DUPUIS |Veeam Certified Engineer | https://original-network.com/
BertrandFR
Userlevel 7
Badge +8

Silly question here:

After apply patch on v11, if I update VBR to V12…

Need I apply patch again?

 

It depends when you downloaded the ISO for V12, it if was before yesterday you will need to download the patch. https://www.veeam.com/kb4420

 

pgallenga
Userlevel 3
Badge

ΤΥη

Hello everybody,

I’m having issues with one of the v11 installations after applying the patch, with errors like:

Failed to preprocess target Error: Field not found: 'Veeam.Backup.Common.COptions.RetrieveCertUseTls12Only'.  

 

Patching on other infrastructures (both v11 and v12) went smoothly.

Anyone else experiencing the same behaviour?

The error says about tls1.2 , mayb your specific server does not allow tls 1.2, can you check with crypto and see the protocols enabled around your B&R infra.

 

I would strongly suggest to open a support ticket though.

 

Thank you @Vassilis, already opened SR #05922394 with high Severity.

Of course needless to say that this infrastructure worked correctly before the patch was applied, and that no other change was introduced in the meanwhile (I also refrained from applying a couple OS updates pending, that are already scheduled for next week).

Seems like somethings’ awry on the DB (“Field not found”…?!).

I am guessing it is not the SSL expired by chance.  Since the error RetrieveCertUseTls12Only has that in it.  Hopefully support gets it sorted out for you.

Thank you @Chris.Childerhose,

support refers of a known issue with v11 that I’ve incurred into, and at first recommends upgrading to v12 (which can’t currently be done due to missing Azure plug-in for v12).

Chris.Childerhose
Userlevel 7
Badge +20

Silly question here:

After apply patch on v11, if I update VBR to V12…

Need I apply patch again?

 

I am going to assume the ISO for v12 will include the patch like they did with v11a.  So, the upgrade should have the patch.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
pgallenga
Userlevel 3
Badge

Silly question here:

After apply patch on v11, if I update VBR to V12…

Need I apply patch again?

 

Hello @wolff.mateus,

no you don’t if you used the already-updated ISO for the upgrade.

 

The KB4424 specifies:
All new deployments of Veeam Backup & Replication versions 12 and 11 installed using the ISO images dated 20230223 (V12) and 20230227 (V11) or later are not vulnerable.

 

wolff.mateus
Userlevel 7
Badge +11

Silly question here:

After apply patch on v11, if I update VBR to V12…

Need I apply patch again?

 

IT Lover | Veeam Vanguard | VUG Leader | Blogger
Chris.Childerhose
Userlevel 7
Badge +20

ΤΥη

Hello everybody,

I’m having issues with one of the v11 installations after applying the patch, with errors like:

Failed to preprocess target Error: Field not found: 'Veeam.Backup.Common.COptions.RetrieveCertUseTls12Only'.  

 

Patching on other infrastructures (both v11 and v12) went smoothly.

Anyone else experiencing the same behaviour?

The error says about tls1.2 , mayb your specific server does not allow tls 1.2, can you check with crypto and see the protocols enabled around your B&R infra.

 

I would strongly suggest to open a support ticket though.

 

Thank you @Vassilis, already opened SR #05922394 with high Severity.

Of course needless to say that this infrastructure worked correctly before the patch was applied, and that no other change was introduced in the meanwhile (I also refrained from applying a couple OS updates pending, that are already scheduled for next week).

Seems like somethings’ awry on the DB (“Field not found”…?!).

I am guessing it is not the SSL expired by chance.  Since the error RetrieveCertUseTls12Only has that in it.  Hopefully support gets it sorted out for you.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
pgallenga
Userlevel 3
Badge

ΤΥη

Hello everybody,

I’m having issues with one of the v11 installations after applying the patch, with errors like:

Failed to preprocess target Error: Field not found: 'Veeam.Backup.Common.COptions.RetrieveCertUseTls12Only'.  

 

Patching on other infrastructures (both v11 and v12) went smoothly.

Anyone else experiencing the same behaviour?

The error says about tls1.2 , mayb your specific server does not allow tls 1.2, can you check with crypto and see the protocols enabled around your B&R infra.

 

I would strongly suggest to open a support ticket though.

 

Thank you @Vassilis, already opened SR #05922394 with high Severity.

Of course needless to say that this infrastructure worked correctly before the patch was applied, and that no other change was introduced in the meanwhile (I also refrained from applying a couple OS updates pending, that are already scheduled for next week).

Seems like somethings’ awry on the DB (“Field not found”…?!).

V
Userlevel 2

ΤΥη

Hello everybody,

I’m having issues with one of the v11 installations after applying the patch, with errors like:

Failed to preprocess target Error: Field not found: 'Veeam.Backup.Common.COptions.RetrieveCertUseTls12Only'.  

 

Patching on other infrastructures (both v11 and v12) went smoothly.

Anyone else experiencing the same behaviour?

The error says about tls1.2 , mayb your specific server does not allow tls 1.2, can you check with crypto and see the protocols enabled around your B&R infra.

 

I would strongly suggest to open a support ticket though.

pgallenga
Userlevel 3
Badge

Hello everybody,

I’m having issues with one of the v11 installations after applying the patch, with errors like:

Failed to preprocess target Error: Field not found: 'Veeam.Backup.Common.COptions.RetrieveCertUseTls12Only'.  

 

Patching on other infrastructures (both v11 and v12) went smoothly.

Anyone else experiencing the same behaviour?

Chris.Childerhose
Userlevel 7
Badge +20

Patching v12 is all good in my homelab no issues.  Patch planning for our v11a environment is now in progress before we upgrade to v12.  😁

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
Andanet
Userlevel 7
Badge +10

First patching

 

Antonio D'Andrea | VCP6-DCV | VMCE 2021 | VMCA 2022 | VMTSP2023 | Veeam Legend 2023 | VUG Italy Leader | I want it written on my tombstone "Please start a restore to the last valid backup"
regnor
Userlevel 7
Badge +14

Looks good, so at least you don't have to fear this certain vulnerability anymore 😉

Max M. | Systems Engineer @Veeam | VMCE/VMCA | former Legend & Vanguard
V
Userlevel 2

Hi Vassilis, for v11 build number will be 11.0.1.1261 P20230227

 

https://www.veeam.com/kb4245

 

If you are upgrading to v12, the version will be 12.0.0.1420 P20230223

 

https://www.veeam.com/kb4420

 

Thanks marco,

 

 

So i’m good ??? i have nothing to be fear off, let the hackers try 🤣

Comment


Terms & Conditions