Challenge
This article documents Veeam's position on Windows Elevation of Privilege Vulnerability CVE-2021-36934. Specifically regarding the listed mitigation steps involving removal of all shadow copies, and the "Impact of workaround" mentioned in the Workarounds section of CVE-2021-36934.
Solution
While VSS and shadow copies are mentioned in CVE-2021-36934, shadow copy mechanisms are not part of the vulnerability. The advice to remove all shadow copies is because shadow copies created before the update may contain exploitable data.
The Workarounds section of CVE-2021-36934 states, "Deleting shadow copies could impact restore operations, including the ability to restore data with third-party backup applications." This statement does not apply to Veeam products (such as Backup & Replication or Agent for Windows). Veeam uses volatile shadow copies, which are deleted automatically when the backup job completes.
Deletion of VSS shadow copies, as advised in CVE-2021-36934, will not affect Veeam backups.
