A new security update called Update 5 has been released for DSM 6.2.4 and it’s an extremely important update. With this updated firmware Synology is sealing a security hole in their Disk Station Manager (DSM) OS. What could have happened was registered attackers could use the vulnerability to remotely execute commands on devices with the outdated DSM version. The Security issue fixed by Update 5 affects Synology NAS devices running DSM 6.2.4 Update 4 and all previous versions, as well as DSM 7.0.1 Update 2 and its previous versions.
According to the security report, Synology is still working on the update for DSM 7.0.1, but it should follow shortly. All NAS devices currently running DSM 6.2.4 should show the available update. Administrators should apply it as soon as possible.
What’s new in DSM 6.2.4-25556-5:
- Fixed an issue where users couldn’t add Google or Outlook accounts at Personal > Email Delivery.
- Fixed an issue where sending a test email would fail if users selected Outlook as the service provider.
- Fixed multiple security vulnerabilities. (Synology-SA-22:03)
- Fixed an issue where filters might not work when users edit domain user or group privileges at Control Panel > Application Privileges.
- Fixed an issue where Avid Pro Tools couldn’t save files via SMB.
Download the new DSM .pat file from the link below. Search and download the correct file for your NAS model.
Go to Control Panel / Update & Restore / DSM Update tab / Click Manual DSM Update. Follow the instructions in the image below.
After you click Manual DSM Update a new window will open. Upload the .pat file you have previously downloaded at STEP 1 then follow the installation instructions.
Note: DSM 7.0.1-42218 Update 2 is affected by this security issue known as Synology-SA-22:03. According to Synology an update will be ready shortly for the DSM 7.0.1 Update 2 version. All users still running DSM 6.2.4 should upgrade their operating system to DSM 6.2.4-25556-5 immediately.
Note: Only Synology NAS devices with DSM 6.2.4 installed can be updated to this version.
This post was updated on Wednesday / February 23rd, 2022 at 1:25 AM