Critical Veeam Backup Solution Vulnerability: How to Protect Your Data
What is the VEEAM vulnerability?
Veeam, a backup data solution, has warned its customers to fix a severe security problem that affects its Backup & Replication software. This issue (CVE-2023-27532) was found in February by a security researcher named Shanigen and it affects all versions of Veeam Backup & Replication (VBR). The vulnerability allows people who aren’t authorized to access the software to get into the backup system by obtaining encrypted passwords.
Veeam has created patches to fix this vulnerability in VBR V11 and V12. They’re telling customers to update their software immediately to avoid the problem.
If a customer is using an older version of VBR, they need to first update to V11 or V12 before they can use the security update that addresses the vulnerability.
What you need to do
To apply the patch and avoid the potential compromise of your backups, you will be required to do so yourself or with the assistance of TSI’s help desk support team.
If you would like to apply the patch on your own, please refer to the links below with details about the vulnerability and the updated patch remediating it.
Contact us if you need help.
If you want TSI’s assistance, please indicate your interest by clicking the button below. A help desk support team member will apply the patch outside your standard business hours to avoid any potential interruptions to your environment.
We anticipate the patch will take 1-2 hours to apply and be billed against your current block-hour agreement.
Please contact your account manager if you have any questions or if we can further assist.
Cybersecurity and Compliance Manager
Chris Riani joined TSI in 2021, and currently serves as our Cybersecurity and Compliance Manager. Chris has over a decade of experience in IT, with most of his time spent managing and protecting critical IT environments within the DoD and the private sector. A ten-year Air Force Veteran, his background includes Application Administration, Networking, and Systems Design, as well as Virtualization and Cloud Security.
Chris is a graduate of Champlain College in Vermont, where he studied a wide variety of technology and security focused topics. He holds numerous IT and security certifications, such as CompTIA’s CASP+ and is also a CISSP. It comes as no surprise that Chris’s true passion is bridging the gap between operational IT requirements and information security.
Outside of work, Chris enjoys coaching soccer, spending time with his family, and playing the guitar.