Microsoft: June Windows Server Updates may cause Backup Issues

Microsoft says that some applications might fail to backup data using Volume Shadow Copy Service (VSS) after applying the June 2022 Patch Tuesday Windows updates.

The issue occurs due to security enforcement introduced to address an elevation of privilege vulnerability (CVE-2022-30154) in the Microsoft File Server Shadow Copy Agent Service (RVSS). 

“After you install the June 14, 2022 or a later Windows update, operations related to shadow copies (creation or deletion) on an Application Server running VSS aware Server Applications that store data on remote SMB 3.0 or later file shares may fail for SMB shares hosted on a File Server,” Microsoft explains.

Also Read: Race against time: How CSA dissect cyberattacks using sophisticated gadgets

On systems where this known issue is experienced, Windows backup applications may receive E_ACCESSDENIED errors during shadow copy creation operations and a “FileShareShadowCopyAgent Event 1013” will be logged on the File Server.

Since RVSS is an optional component, systems running Windows Server are not vulnerable by default. Additionally, Windows Client editions are not vulnerable to attacks using CVE-2022-30154 exploits in privilege escalation attempts.

The complete list of affected Windows versions and the Windows updates that introduced the issue includes:

• Windows Server 2022 (KB5014678)
• Windows 10, version 20H2 (KB5014699)
• Windows Server 2019 (KB5014692)
• Windows Server 2016 (KB5014702)
• Windows Server 2012 R2 (KB5014746)
• Windows Server 2012 (KB5014747)

How to fix the issue

To resolve the issue, install Windows updates released on June 14 and later on both the Application Server and the File Server.

Also Read: January 2022 PDPC Incidents and Undertaking

“The application server runs the Volume Shadow Copy Service (VSS)-aware application that stores data on the remote Server Message Block 3.0 (or higher) shares on a file server,” Microsoft added.

“The file server hosts the file shares. If you don’t install the update on both machine roles, backup operations carried out by applications, which previously worked, might fail.”

This known issue is also known to occur if the account used to perform the shadow copy operation is a local account with Administrator or Backup Operator privileges on the File Server—in this case, Microsoft recommends switching to a domain account.

Microsft also says that backups may fail if the account used to perform copy operations does not match privilege requirements for Administrators or Backup Operators. To fix the issue, you should switch to a domain account part of the Local Administrators or Backup Operators group on the File Server.