Critical Veeam backup vulnerabilities exposed Windows users to ransomware assault

An abstract image of padlocks overlaying a digital background.
(Image credit: Shutterstock) (Image credit: Shutterstock)

Two critical vulnerabilities has been discovered in Veeam backup solutions which may have put users at risk of a ransomware attack. 

Veeam Backup & Replication was found to be vulnerable to CVE-2022-26500, and CVE-2022-26501 by Positive Technologies researcher Nikita Petrov, and although specific details were not disclosed, the flaws are thought to allow unauthenticated users access to internal API functions. 

“A remote attacker may send input to the internal API which may lead to uploading and executing of malicious code,” Positive's report said.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Ransomware and denial of service

The researcher did say that the vulnerabilities could be leveraged to gain initial access and establish persistence on the target endpoint, install malware, steal data, or directly execute commands that extract, or delete data, mount denial of service attacks, or encrypt the infrastructure and run a ransomware attack.

In total, three versions of the tool were affected by the vulnerability: 9.5, 10, and 11. Patches are already available for the latter two, with users being urged to update immediately. Those that are unable to apply the patches right now, can temporarily stop or disable the Veeam Distribution Service to mitigate any potential risks. 

The same researcher discovered an additional vulnerability in Veeam Agent for Microsoft Windows, which is a data backup software for the Microsoft OS. Tracked as CVE-2022-26503, the flaw allows attackers to “execute arbitrary code on the node with maximum rights (Local Privilege Escalation) gaining access to the resources of the compromised node with maximum privileges.”

In other words, any data stored on a vulnerable endpoint can be stolen, or used to mount further attacks. Versions 2.0, 2.1, 2.2, 3.0.2, 4.0, and 5.0 of the product were affected, the company confirmed. Patches for versions 4.0 and 5.0 have been issued. 

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person&#039;s fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Veeam backup software has a serious security flaw - here's how to stay safe
Ransomware
Ransomware defenses are being weakened by outdated backup technology, limited backup data encryption, and failed data backups
Representational image depecting cybersecurity protection
Ivanti reveals major security update, so make sure you're protected
An abstract image of padlocks overlaying a digital background.
BeyondTrust says hackers hit its remote support products
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
vpn
Ivanti warns another critical security flaw is being attacked
Latest in Security
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Avast cybersecurity
UK cybersecurity sector could be worth £13bn, research shows
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
Latest in News
Data center racks with cables and servers
Data centers are being pushed to their limits, but digital twins could help
A collage of Tom Holland&#039;s unmasked Spider-Man and Sadie Sink&#039;s Max in Stranger Things season 4
Marvel reportedly casts Stranger Things star Sadie Sink in Spider-Man 4, but I don't want her to tackle the roles she's rumored to play
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Lilo &amp; Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home