Operational Defect Database
BugZero found this defect 465 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb4410
How to Upgrade .NET and ASP.NET Runtimes When Using Veeam ONE 12 GA (build 12.0.0.2498) or Lower
Last update date:
4/11/2023
Affected products:
Veeam ONE
Affected releases:
11
Fixed releases:
No fixed releases provided.
Description:
Purpose
This article documents how to upgrade the .NET 3.1.x and ASP.NET 3.1.x runtime to the latest version when using Veeam ONE 12 GA (build 12.0.0.2498) or lower. For a list of all versions and build numbers of Veeam ONE, refer to: KB4357 Veeam ONE versions 12 GA (build 12.0.0.2498) or lower utilized .NET and ASP.NET 3.1.x runtime components for multiple purposes (e.g., Reporting, Web Services, and more). The December 2022 Microsoft Security Updates comes with a remote code execution vulnerability fix for NET Core 3.1, .NET 6.0, and .NET 7.0. Those packages should be updated to maintain security.
Solution
Software Dependencies If you have Veeam ONE 12 GA (build 12.0.0.2498) or lower installed, do not uninstall .NET Core 3.1.x or ASP.NET 3.1.x. Uninstalling them will cause issues with those older versions of Veeam ONE. Even if newer versions of .NET (e.g., 6.x or 7.x) are installed, those older versions of Veeam ONE still require .NET Core 3.1.x and ASP.NET 3.1.x.
More Information
Microsoft Security Advisory CVE-2022-41089 | .NET Remote Code Execution Vulnerability Microsoft DevBlog: .NET December 2022 Updates – .NET 7.0.1, .NET 6.0.12, .NET Core 3.1.32 .NET Core 3.1 Known Issues .NET Framework Remote Code Execution Vulnerability - CVE-2022-41089
