The VMware Carbon Black App Control Server 8.5.x to 8.8.x contains a critical security vulnerability.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2022-22951 and CVE-2022-22952 to this issue. We strongly recommend that you upgrade as soon as possible.
For more information, see the VMware Security Advisory: VMSA-2022-0008. For questions and assistance with installation, please contact customer support.
The following are the download links for security patches that address the issue. Please select the version that corresponds to your App Control Server Installation.
8.5.0 and Newer Server Versions
For customers patching versions 8.5 and above, please use one of the “Server Installers” in the table below. These server installers include "ParityServerSetup.exe" and are installed in the same way as any previous server release (e.g. 8.6.0).
App Control Server Versions and Installers
Before using one of the download links in the table below, make sure you have logged into the Carbon Black User Exchange (UEX).
Version Coverage | Build Number | Download Link | SHA-256 |
---|---|---|---|
8.8.2 (upgrade for 8.8.x) | 8.8.2.192 | This is a new release. See: New Release: Server 8.8.2 | |
8.7.4 (upgrade for 8.7.x) | 8.7.4.4 | 8.7.4 Link | 6874cf5c0b94f77ba1064134f63527dceac8510afd761f78ce0f0552c0939bb3 |
8.6.6 (upgrade for 8.6.x) | 8.6.6.4 | 8.6.6 Link | 8c223765a39d3362b7f0a8eed6cef650b2efc0208eccaa8dfc75936bc5ae1d4e |
8.5.14 (upgrade for 8.5.x) | 8.5.14.4 | 8.5.14 Link | 96b874fa2541a50b3e4c5c3c79acc07fb523ea2d97c8665f9509e3d2f32b8b9c |
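
Before running a downloaded installer, compare its SHA-256 with the value published in the table. The script below is an added example, not VMware's own tooling: the hashes are copied from the table on this page, while the script name and the file path you pass in are assumptions.

```powershell
# Added example (hypothetical script name: Verify-AppControlInstaller.ps1).
# Usage: .\Verify-AppControlInstaller.ps1 -Path <downloaded file> -Version 8.7.4
param(
    # Path to the file downloaded from the UEX link (assumption: you supply it).
    [Parameter(Mandatory)] [string] $Path,
    # Only versions with a published SHA-256 on this page are accepted;
    # the 8.8.2 row lists no hash here.
    [Parameter(Mandatory)] [ValidateSet('8.7.4', '8.6.6', '8.5.14')] [string] $Version
)

# SHA-256 values copied from the "App Control Server Versions and Installers" table.
$published = @{
    '8.7.4'  = '6874cf5c0b94f77ba1064134f63527dceac8510afd761f78ce0f0552c0939bb3'
    '8.6.6'  = '8c223765a39d3362b7f0a8eed6cef650b2efc0208eccaa8dfc75936bc5ae1d4e'
    '8.5.14' = '96b874fa2541a50b3e4c5c3c79acc07fb523ea2d97c8665f9509e3d2f32b8b9c'
}

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    throw "File not found: $Path"
}

$expected = $published[$Version]
# Get-FileHash returns upper-case hex; the table is lower-case, so compare
# case-insensitively rather than relying on matching case.
$actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

if ([string]::Equals($actual, $expected, [StringComparison]::OrdinalIgnoreCase)) {
    Write-Host "OK: SHA-256 matches the published value for $Version."
}
else {
    Write-Host "MISMATCH for $Version"
    Write-Host "  expected: $expected"
    Write-Host "  actual:   $($actual.ToLower())"
    Write-Host "Do not run this file. Download it again from the UEX link and re-check."
    exit 1
}
```

A mismatch usually means a truncated or corrupted download, or that the file belongs to a different version row than the one selected.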
FAQs
Can you upgrade directly from an older release to 8.6.2?
Yes, just keep in mind that SQL 2008 is not supported on 8.6.+
How can you verify the install was successful?
On 8.5 or 8.6, this version number is reflected in the console. On the older versions, verify that the install was successful in the hotfix log, which is located either in the C:\Program Files (x86)\Bit9\Parity Server\Support directory or in C:\users\"SERVICE USER"\appdata\local\temp.
Does this patch affect agents?
No, this is only server side.
Is a reboot required after the patches are applied?
No reboots are required.