Vulnerability in Veeam Backup & Replication - March 2023




60 comments

Userlevel 7
Badge +7

Another round of upgrades.. 😅🙁

Userlevel 2

Hi,

Bit confused about the different versions. I’m in the process of patching my v11a; after patching, can you please tell me exactly what the version on the help=>about should read so that I know it is the patched one and I’m all good to go?

thanks

Userlevel 7
Badge +10

First patching

 

Userlevel 7
Badge +20

ΤΥη

Hello everybody,

I’m having issues with one of the v11 installations after applying the patch, with errors like:

Failed to preprocess target Error: Field not found: 'Veeam.Backup.Common.COptions.RetrieveCertUseTls12Only'.  

 

Patching on other infrastructures (both v11 and v12) went smoothly.

Anyone else experiencing the same behaviour?

The error says about tls1.2, maybe your specific server does not allow tls 1.2, can you check with crypto and see the protocols enabled around your B&R infra.

 

I would strongly suggest to open a support ticket though.

 

Thank you @Vassilis, already opened SR #05922394 with high Severity.

Of course needless to say that this infrastructure worked correctly before the patch was applied, and that no other change was introduced in the meanwhile (I also refrained from applying a couple OS updates pending, that are already scheduled for next week).

Seems like something’s awry on the DB (“Field not found”…?!).

I am guessing it is not the SSL expired by chance.  Since the error RetrieveCertUseTls12Only has that in it.  Hopefully support gets it sorted out for you.

Userlevel 3
Badge

Silly question here:

After applying the patch on v11, if I update VBR to V12…

Need I apply the patch again?

 

Hello @wolff.mateus,

no you don’t if you used the already-updated ISO for the upgrade.

 

The KB4424 specifies:
All new deployments of Veeam Backup & Replication versions 12 and 11 installed using the ISO images dated 20230223 (V12) and 20230227 (V11) or later are not vulnerable.
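
The KB4424 dates quoted above can be checked against ISO file names before an install or upgrade. The following is an added example, not part of the original thread and not Veeam tooling; it assumes ISO names follow the pattern of the one file name mentioned in this thread, and the sample names other than that one are constructed.

```python
import re
from datetime import date, datetime

# Earliest fixed ISO dates per major version, as quoted from KB4424 in this thread.
FIXED_ISO_DATE = {12: date(2023, 2, 23), 11: date(2023, 2, 27)}

# Assumed naming scheme, modelled on the file name that appears in the thread:
#   VeeamBackup&Replication_<a.b.c.d>_<yyyymmdd>.iso
ISO_NAME = re.compile(
    r"^VeeamBackup&Replication_(\d+)\.\d+\.\d+\.\d+_(\d{8})\.iso$", re.IGNORECASE
)


def classify_iso(filename: str) -> str:
    """Return 'fixed-iso', 'needs-patch', 'not-covered' or 'unknown'."""
    match = ISO_NAME.match(filename.strip())
    if not match:
        return "unknown"  # name carries no parseable version/date stamp
    major = int(match.group(1))
    try:
        stamp = datetime.strptime(match.group(2), "%Y%m%d").date()
    except ValueError:
        return "unknown"  # eight digits that are not a calendar date
    fixed = FIXED_ISO_DATE.get(major)
    if fixed is None:
        return "not-covered"  # the quoted KB text only names V11 and V12 ISOs
    return "fixed-iso" if stamp >= fixed else "needs-patch"


def audit(filenames):
    """Classify a batch of ISO names, e.g. the contents of a software share."""
    return {name: classify_iso(name) for name in filenames}


if __name__ == "__main__":
    samples = [
        "VeeamBackup&Replication_11.0.1.1261_20230227.iso",  # from the thread
        "VeeamBackup&Replication_11.0.1.1261_20211211.iso",  # constructed
        "VeeamBackup&Replication_12.0.0.0_20230214.iso",     # constructed
        "VeeamBackup&Replication_9.5.0.0_20180101.iso",      # constructed
        "veeam-latest.iso",                                  # constructed
    ]
    for name, verdict in audit(samples).items():
        print(f"{verdict:12} {name}")
```

This classifies installation media only; a server installed or upgraded from a `needs-patch` ISO still needs the patch applied afterwards.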

 

Userlevel 3
Badge

ΤΥη

Hello everybody,

I’m having issues with one of the v11 installations after applying the patch, with errors like:

Failed to preprocess target Error: Field not found: 'Veeam.Backup.Common.COptions.RetrieveCertUseTls12Only'.  

 

Patching on other infrastructures (both v11 and v12) went smoothly.

Anyone else experiencing the same behaviour?

The error says about tls1.2, maybe your specific server does not allow tls 1.2, can you check with crypto and see the protocols enabled around your B&R infra.

 

I would strongly suggest to open a support ticket though.

 

Thank you @Vassilis, already opened SR #05922394 with high Severity.

Of course needless to say that this infrastructure worked correctly before the patch was applied, and that no other change was introduced in the meanwhile (I also refrained from applying a couple OS updates pending, that are already scheduled for next week).

Seems like something’s awry on the DB (“Field not found”…?!).

I am guessing it is not the SSL expired by chance.  Since the error RetrieveCertUseTls12Only has that in it.  Hopefully support gets it sorted out for you.

Thank you @Chris.Childerhose,

support refers to a known issue with v11 that I’ve run into, and at first recommends upgrading to v12 (which can’t currently be done due to the missing Azure plug-in for v12).

Userlevel 7
Badge +14

I just finished a project and I already have to patch it! Glad to see the responsiveness of Veeam to fix this vulnerability

I also today updated environments, which I had upgraded just last week. That’s life 😉

@pgallenga Where do you get this error?

Userlevel 3
Badge

I just finished a project and I already have to patch it! Glad to see the responsiveness of Veeam to fix this vulnerability

I also today updated environments, which I had upgraded just last week. That’s life 😉

@pgallenga Where do you get this error?

In every job: backup, backup copy, SOBR, etc.

The only thing still working is the Configuration Backup 😓

Userlevel 7
Badge +14

Doesn't sound so good. 😐 Did you have any (private) hotfixes installed? Anything special about TLS?

Userlevel 7
Badge +11

Silly question here:

After applying the patch on v11, if I update VBR to V12…

Need I apply the patch again?

 

It depends when you downloaded the ISO for V12; if it was before yesterday you will need to download the patch. https://www.veeam.com/kb4420

 

Perfect!

Userlevel 7
Badge +11

Thx for posting this @regnor, already patched the VCC environment and a lot of backup-servers 😄

Userlevel 3
Badge

Hello everybody,

I’m having issues with one of the v11 installations after applying the patch, with errors like:

Failed to preprocess target Error: Field not found: 'Veeam.Backup.Common.COptions.RetrieveCertUseTls12Only'.  

 

Patching on other infrastructures (both v11 and v12) went smoothly.

Anyone else experiencing the same behaviour?

We are experiencing the same issues after patching our v11 infrastructure today. Just opened a support case. 

Sorry to hear about that, @dfit.

Hope it gets sorted out quickly.

Userlevel 7
Badge +14

I keep getting the same error to stop and disable all jobs. I have made sure there are no running jobs and have rebooted the server. Do I need to disable all jobs even if they aren’t running?

 

@Cassy.Haley You only need to disable jobs, which are continuously running. Like copy jobs or tape jobs for example. Also make sure no Veeam Backup Console is open.

Hi all,

 

Long story short. Will be upgrading from v9 soon; till then I was planning on blocking port 9401.

From my understanding this will only affect being able to restore files, does anyone know if blocking this port will affect backing up our VMs?

Userlevel 7
Badge +20

Hi all,

 

Long story short. Will be upgrading from v9 soon; till then I was planning on blocking port 9401.

From my understanding this will only affect being able to restore files, does anyone know if blocking this port will affect backing up our VMs?

No this port should not affect backups as it is Mount Server related as per here - https://helpcenter.veeam.com/docs/backup/vsphere/used_ports.html?ver=120#mount-server-connections

Userlevel 7
Badge +10

Hi there,

unfortunately for this task I’m neither an educated nor a professional admin.
Nevertheless I have to update a VBR on a Hyper-V VM running now 11.0.1.1261 P20211211.

I downloaded the iso-file (app. 10GB) “VeeamBackup&Replication_11.0.1.1261_20230227.iso”. But I don’t know what to do now. I guess I have to mount the iso at the VM. But I’m afraid to overwrite all current settings…

Is there a step by step manual? Or could anybody please help me and could explain what I have to do exactly?

Thanks a lot.

Yes, please check out the V11 upgrade center:  http://vee.am/v11upgradecenter (but also the V12 Upgrade Center:  http://vee.am/v12upgradecenter )

Userlevel 1

Hi.

After install new version …

Please help.

Jan

 

Problem fixed.  Run as administrator for the first time. 😁

Userlevel 7
Badge +20

Patching v12 is all good in my homelab no issues.  Patch planning for our v11a environment is now in progress before we upgrade to v12.  😁

Userlevel 7
Badge +11

Silly question here:

After applying the patch on v11, if I update VBR to V12…

Need I apply the patch again?

 

Userlevel 7
Badge +20

Silly question here:

After applying the patch on v11, if I update VBR to V12…

Need I apply the patch again?

 

I am going to assume the ISO for v12 will include the patch like they did with v11a.  So, the upgrade should have the patch.

Userlevel 3
Badge

Doesn't sound so good. 😐 Did you have any (private) hotfixes installed? Anything special about TLS?

Working with support to understand the possible outcomes, will update you when we have a solution of sort.

Userlevel 7
Badge +20

Hi there,

unfortunately for this task I’m neither an educated nor a professional admin.
Nevertheless I have to update a VBR on a Hyper-V VM running now 11.0.1.1261 P20211211.

I downloaded the iso-file (app. 10GB) “VeeamBackup&Replication_11.0.1.1261_20230227.iso”. But I don’t know what to do now. I guess I have to mount the iso at the VM. But I’m afraid to overwrite all current settings…

Is there a step by step manual? Or could anybody please help me and could explain what I have to do exactly?

Thanks a lot.

You also have the option to download only the patch file and run that instead of the entire ISO.  But as Joe said it will work but take the configuration backup first.

Userlevel 1

Thank you. I successfully could make a configuration backup, and mount the ISO. But there is no UPDATE option for me, only an INSTALL option. I’m a little bit confused right now.

At the moment I don’t have official VEEAM support (it expired a month ago) but of course an official license for VEEAM Backup & Replication 11. Is the expired support the reason why I can’t start an UPDATE?

Userlevel 7
Badge +20

Thank you. I successfully could make a configuration backup, and mount the ISO. But there is no UPDATE option for me, only an INSTALL option. I’m a little bit confused right now.

At the moment I don’t have official VEEAM support (it expired a month ago) but of course an official license for VEEAM Backup & Replication 11. Is the expired support the reason why I can’t start an UPDATE?

Use this link that was posted above which is just the patch for 11a - Veeam Software for Enterprise

This will just do the upgrade rather than using the ISO and is smaller.

Userlevel 1

Hi.

After install new version …

Please help.

Jan

 
