Veeam has just released the Veeam Backup & Replication 12.3 version. For a list of all news see the what’s new document, the relase notes and the Veeam web page.
It adds new workload supports and new interesting features, expecially in the security area.
It adds a new cloud workload support: Microsoft Entra ID (formely Azure Active Directory).
Microsoft Entra ID is a cloud-based Identity and Access Management (IAM) system that delivers access
to your internal and external resources. But Entra ID is much more than just a directory of users and
groups, and protecting this data and knowledge is paramount. Entra ID is at the core of nearly every
organization and is essential to keep your business running, and Veeam can now give you peace of mind
by protecting it.
Key highlights of Veeam’s Microsoft Entra ID support include:
- Accelerate change detection: quickly identify and revert changes created by human error, threat actors, automated attacks, and more when restoring Entra ID data. Bolster your forensic investigations with a point-in-time copy of your IAM data.
- Simplify governance, risk and compliance: reduce risk and stay compliant through fast, automated backup processes to reduce human error risks, ensuring consistent resiliency practices. Unlock costeffective, long-term audit and sign-in log storage with unlimited retention to be able to easily go back in time during internal investigations of cybersecurity incidents.
- Rapidly restore your business: bring your business back online in seconds by pinpointing broken or missing app registrations and restoring them in seconds with comprehensive app registration recovery. Using object-level recovery empowers you to choose exactly what data you restore.
- Role-based access for restores: contrary to alternate solutions, which perform backup and restore operations under a single almighty account, Veeam relies on the native Entra ID permission system to ensure Entra ID administrators are unable to restore and/or overwrite data they do not have privileged access to.
It also include a new data center workload support: Microsoft Windows Server 2025.
- Microsoft Windows Server 2025 and Microsoft Windows 11 24H2 support — Included as a guest OS of protected machines, for installation of Veeam Backup & Replication components, and for agentbased backup with the Veeam Agent for Microsoft Windows 6.3 (included in V12.3).
- Microsoft Windows Server 2025 Hyper-V support — For host-based backup of virtual machines (VMs), allowing businesses to leverage the enhanced virtualization capabilities without compromising the ability to protect their production data.
- Microsoft System Center Virtualization Machine Manager (SCVMM) 2025 support — For registering Hyper-V based virtualization infrastructure with Veeam Backup & Replication as a data source, streamlining VM management operations, and ensuring a robust backup strategy.
- Microsoft SharePoint SE 24 H2 support — For application-aware processing with host-based and agent-based backup of machines running SharePoint SE 24 H2 and for application item-level recovery from such backups with Veeam Explorer for Microsoft SharePoint.
And there are some cyber resiliency enhancements:
- Veeam Threat Hunter: the new version 12.3 brings the speed of YARA scans and the breadth of malware detection of a classic antivirus — with the new Veeam Threat Hunter. This advanced signature-based malware detection engine is integrated directly into Veeam Backup & Replication data processing engine for significantly faster scanning than with the Bring Your Own Antivirus approach, with the breadth of malware detection that YARA scans cannot touch.
- Indicators of Compromise (IoC) Detection: stop cyberattacks right in their track with the built-in detection of early indicators of compromise (IoC) on protected machines. V12.3 leverages its file system indexing functionality to detect and report the sudden appearance of utilities from hacker’s toolkit, which are commonly utilized by cybercriminals for lateral movement, data exfiltration, command and control, stored credential access, and more, with the list of tools constantly updated by Veeam. Detecting the appearance of such tools significantly reduces the Mean Time to Detect (MTTD) threats, providing you with an opportunity to react before attackers can inflict significant damage. This lightweight and scalable detection of IoC on all protected machines is meant to draw your attention to potential issues. In cases when an attack is suspected, we recommend performing a more thorough scan of affected machines using the Recon Scanner available from Coveware by Veeam.
- Syslog filtering: You can now exclude some less important events from forwarding to the target syslog server. By specifying IDs and severity levels of unwanted events, users can take full control of their backup monitoring, ensuring only relevant information is captured. This capability was particularly important for our customers using cloud-based event management systems that charge them per event received.
The new v 12.3 fix also some vulnerabilities the affect Veeam Backup & Replication 12.2.0.334 and all earlier version 12 builds:
- CVE-2024-40717: A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to execute a script with elevated privileges by configuring it as a pre-job or post-job task, thereby causing the script to be executed as LocalSystem.
Severity: High – CVSS v3.1 Score: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - CVE-2024-42451: A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to access all saved credentials in a human-readable format.
Severity: High – CVSS v3.1 Score: 7.7CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N - CVE-2024-42452: A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to remotely upload files to connected ESXi hosts with elevated privileges.
Severity: High – CVSS v3.1 Score: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - CVE-2024-42453: A vulnerability allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to control and modify the configuration of connected virtual infrastructure hosts.
Severity: High – CVSS v3.1 Score: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - CVE-2024-42455: A vulnerability that allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to connect to remote services and exploit insecure deserialization by sending a serialized temporary file collection, thereby enabling the deletion of any file on the system with service account privileges.
Severity: High – CVSS v3.1 Score: 7.1CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H - CVE-2024-42456: A vulnerability that allows an authenticated user with a role assigned in the Users and Roles settings on the backup server to gain access to privileged methods and control critical services.
Severity: High – CVSS v3.1 Score: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - CVE-2024-42457: A vulnerability that allows an authenticated user with certain assigned operator roles in the Users and Roles settings on the backup server to expose saved credentials by leveraging a combination of methods in the remote management interface.
Severity: High – CVSS v3.1 Score: 7.7CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N - CVE-2024-45204
- A vulnerability that allows an authenticated user with an assigned role in the Users and Roles settings on the backup server to exploit insufficient permissions in credential handling, potentially leading to the leakage of NTLM hashes of saved credentials.
Severity: High – CVSS v3.1 Score: 7.7CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
It’s possible upgrade existing deployments of Veeam Backup & Replication (11a, 12, 12.1, 12.2) to 12.3. After the upgrade, the build version will be 12.3.0.310. For more information see Veeam Backup & Replication 12.3 upgrade notes.