Microsoft’s “Patch Tuesday” security update, released on June 14th, included a fix for CVE-2022-30154 that disables data backups using Volume Shadow Copy Service (VSS) for some deployments of Windows Server. CVE-2022-30154 is an elevation of privilege vulnerability in the Microsoft File Server Shadow Copy Service (RVSS). The issue only occurs when the data backup stores information on SMB shares on a file server. The error received will be E_ACCESSDENIED errors during VSS operations, and a FileShareShadowCopyAgent Event 1013 will be logged on the file server.
The complete list of affected Windows versions and the Windows updates that introduced the issue includes:
Windows Server 2022 (KB5014678)
Windows 10, version 20H2 (KB5014699)
Windows Server 2019 (KB5014692)
Windows Server 2016 (KB5014702)
Windows Server 2012 R2 (KB5014746)
Windows Server 2012 (KB5014747)