Potential service impact - Microsoft June Windows Updates - Shadow copy operations using VSS on remote SMB shares denied access
Incident Report for Pulsant Service
Identified
Synopsis:

Within the June Windows Updates released on 14th June 2022 by Microsoft there is an update which addresses a known vulnerability (CVE 2022 30154).

Various industry sources and now Microsoft themselves have confirmed that the update causes issues with backup operations on Application Servers running VSS aware Server Applications. The issue appears limited to servers which store data on remote SMB 3.0 (or later) file shares hosted on a file server.

Remediation Advice:

Pulsant have assessed the issue and do not believe that this will affect our primary backup platforms. A very small number of clients may have the particular setup described above and we will work to identify and remediate any affected solutions.

Clients with unmanaged solutions should assess their configuration and make an appropriate decision on whether to proceed based on their own risk posture.

External Links:

https://www.bleepingcomputer.com/news/microsoft/microsoft-june-windows-server-updates-may-cause-backup-issues/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30154
https://support.microsoft.com/en-us/topic/kb5015527-shadow-copy-operations-using-vss-on-remote-smb-shares-denied-access-after-installing-windows-update-dated-june-14-2022-6d460245-08b6-40f4-9ded-dd030b27850b
Posted Jun 16, 2022 - 16:29 BST
This incident affects: Threat Intelligence Alert.