December 3, 2024 at 01:14PM
Veeam has issued security updates for two critical vulnerabilities in its Service Provider Console (VSPC), including a high-severity remote code execution flaw (CVE-2024-42448). Users of VSPC versions 7 and 8 are urged to upgrade to the latest patch to prevent exploitation, which has already been linked to ransomware attacks.
### Meeting Takeaways:
1. **Security Updates Released**: Veeam issued critical security updates today to address two vulnerabilities in the Service Provider Console (VSPC).
2. **VSPC Overview**: The VSPC platform is used by service providers for managing and securing customer backups in various environments, including virtual, Microsoft 365, and public cloud workloads.
3. **Critical Vulnerability**:
– **CVE-2024-42448**: This flaw has a severity score of 9.9/10 and allows attackers to execute arbitrary code on unpatched servers via the VSPC management agent.
4. **High Severity Vulnerability**:
– **CVE-2024-42449**: This flaw can lead to stealing the NTLM hash of the server service account, enabling attackers to delete files on the VSPC server.
5. **Exploitation Conditions**: Both vulnerabilities require the management agent to be authorized on the targeted server for successful exploitation.
6. **Affected Versions**: The vulnerabilities affect VSPC version 8.1.0.21377 and earlier, including builds 7 and 8. Unsupported product versions are likely vulnerable as well.
7. **Recommended Actions**:
– Service providers using supported versions are urged to update to the latest cumulative patch.
– Those using unsupported versions are strongly advised to upgrade to the latest version.
8. **Urgency for Patching**: Recent trends of exploitation of Veeam vulnerabilities underline the importance of timely patching to prevent further attacks.
9. **Related Threats**: Notably, an RCE flaw in the Veeam Backup & Replication software is currently being exploited in various ransomware attacks, emphasizing the need for vigilance and prompt updates.
10. **Veeam’s Reach**: Veeam products are utilized by over 550,000 customers globally, including a significant proportion of Global 2,000 and Fortune 500 companies.