What do I need to know?
Veeam has released a critical security bulletin addressing multiple vulnerabilities in its Backup and Replication software and other products. The most severe issue, tracked as CVE-2024-40711, is a remote code execution (RCE) vulnerability with a critical CVSS score of 9.8. It can be exploited without authentication, potentially allowing full system takeover. Veeam first disclosed the vulnerability on Thursday, when it released patches to fix 18 vulnerabilities across its product line, including five critical flaws, so designated because they can be remotely exploited to execute arbitrary code. More information is available here.
What do I need to do?
If your systems are managed by our Remote Monitoring and Management (RMM) service, or if you are an existing Patching and Monitoring customer, you don’t need to worry: all of our support customers with Veeam have had tickets raised and will be patched this week. We started the remediation as soon as the vulnerability was identified, to secure the devices against potential compromise.
This vulnerability highlights the importance of devices being enrolled in a managed service such as RMM. It allows us to very quickly react to security threats by identifying all affected devices and applying the appropriate remediation across all of our customers at once, rather than having to deal with each system one by one.
For more information on any of the above, please contact your Connect Systems Account Manager or get in touch with us here and we’ll be happy to help you.