Operational Defect Database

BugZero found this defect 473 days ago.

Veeam | kb4410

How to Upgrade .NET and ASP.NET Runtimes When Using Veeam ONE 12 GA (build 12.0.0.2498) or Lower

Last update date:

4/11/2023

Affected products:

Veeam ONE

Affected releases:

11

Fixed releases:

No fixed releases provided.

Description:

Purpose

This article documents how to upgrade the .NET 3.1.x and ASP.NET 3.1.x runtime to the latest version when using Veeam ONE 12 GA (build 12.0.0.2498) or lower. For a list of all versions and build numbers of Veeam ONE, refer to: KB4357 Veeam ONE versions 12 GA (build 12.0.0.2498) or lower utilized .NET and ASP.NET 3.1.x runtime components for multiple purposes (e.g., Reporting, Web Services, and more).  The December 2022 Microsoft Security Updates comes with a remote code execution vulnerability fix for NET Core 3.1, .NET 6.0, and .NET 7.0. Those packages should be updated to maintain security.

Solution

Software Dependencies If you have Veeam ONE 12 GA (build 12.0.0.2498) or lower installed, do not uninstall .NET Core 3.1.x or ASP.NET 3.1.x. Uninstalling them will cause issues with those older versions of Veeam ONE. Even if newer versions of .NET (e.g., 6.x or 7.x) are installed, those older versions of Veeam ONE  still require .NET Core 3.1.x and ASP.NET 3.1.x.

More Information

Microsoft Security Advisory CVE-2022-41089 | .NET Remote Code Execution Vulnerability Microsoft DevBlog: .NET December 2022 Updates – .NET 7.0.1, .NET 6.0.12, .NET Core 3.1.32 .NET Core 3.1 Known Issues .NET Framework Remote Code Execution Vulnerability - CVE-2022-41089

Additional Resources / Links

Share:

BugZero® Risk Score

What's this?

Coming soon

Status

Solved

Learn More

Search:

...