Veeam released a version of Veeam Backup for Microsoft 365 v8 on September 11, 2024, and includes Immutable backups with the ability to store on any object storage, Enterprise scale and efficiency delivered by Veeam Proxy Pools, Backup for private and shared Teams channels, and Linux-based backup proxiesβ¦
The release version of Veeam ONE 12.2 is available on August 28th, 2024.
The vulnerabilities documented in these sections were fixed starting in the 12.2 build.
The release version of Veeam ONE 12.2 is available on August 28th, 2024. You can download it at:
https://www.veeam.com/products/veeam-data-platform/monitoring-analytics.html
To gain remote access to Veeam Backup & Replication v12.2.0.334, you must first upgrade the Veeam Backup & Replication console to v12.2.0.344 on a dedicated machine.
To gain remote access to Veeam Backup & Replication v12.1.2.172, you must first upgrade the Veeam Backup & Replication console to v12.12.172 on a dedicated machine.
Veeam released Backup & Replication v12.2.0.334 on August 28, 2024.
Veeam Backup & Replication 12.2 is the newer build of version 12, and the major new features and enhancements were added in Veeam Backup & Replication v12.2.
Veeam released the Backup & Replication v12.1.2.172 on May 21, 2024.
The vulnerabilities documented in these sections were fixed starting in the 12.1.2.172 build.
Veeam Backup Enterprise Manager (VBEM)
CVE-2024-29849 | Severity: Critical (9.8)
This vulnerability in VBEM allows an unauthenticated attacker to log in to the VBEM web interface as any user.
CVE-2024-29850 | Severity: High (8.8)
This Vulnerability in VBEM allows account takeover via NTLM relay.
CVE-2024-29851 | Severity: High (7.2)
This vulnerability in VBEM allows a high-privileged user to steal the NTLM hash of the VBEM service account if that service account is anything other than the default Local System account.
CVE-2024-29852 | Severity: Low (2.7)
This vulnerability in VBEM allows high-privileged users to read backup session logs.
Veeam released the Backup & Replication v12.1.2.172 on May 21, 2024.
The vulnerabilities documented in these sections were fixed starting in the 12.1.2.172 build.
Safe Links is a feature in Microsoft Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or ATP) that helps protect your organization from malicious hyperlinks in email messages. When an email contains a hyperlink, Safe Links checks the URL against a list of known malicious links. If the link is safe, the user can access the website normally. However, if the link is malicious, Safe Links blocks access to the website and alerts the user and administrators.
Let’s walk through the steps to perform a Physical to Virtual machine (P2V) conversion using Veeam Backup and Replication (VBR) to migrate a physical server to a Cluster virtual machine.
In Microsoft Defender for Office 365, Safe Attachments is a feature that helps protect your organization from malicious email attachments. It automatically scans email attachments for potential threats, such as malware or viruses, before delivering them to recipients’ mailboxes.
Creating a custom quarantine policy in Microsoft Defender for Office 365 involves configuring advanced threat protection settings to protect your organization’s email environment.
Strict preset security policies typically refer to predefined rules and guidelines designed to enhance security measures within an organization or system. These policies safeguard sensitive data, prevent unauthorized access, and mitigate potential security threats.
Microsoft Defender for Office 365 provides preset security policies to help organizations protect their Office 365 environment from various threats. These preset policies are designed to offer baseline protection and can be customized according to the organization’s specific requirements.
An email message internet header is a metadata set containing information about the sender, recipient, routing, and delivery of an email. It can help you find the domain name of the trusted ARC sealers. The domain name must match the domain specified in the d value of the ARC-Seal and ARC-Message-Signature headers in affected messages.
Domain-based Message Authentication, Reporting, and Conformance (DMARC) builds upon SPF and DKIM to give domain owners greater control over how recipient servers handle their email messages. With DMARC, domain owners can specify policies instructing recipient servers on how to handle emails that fail SPF or DKIM checks. DMARC also enables domain owners to receive reports on email authentication results, allowing them to monitor and improve their email security posture.
DomainKeys Identified Mail (DKIM) allows email senders to sign their outgoing emails digitally using cryptographic signatures. These signatures are stored as DKIM records in the domain’s DNS settings. Recipients’ mail servers can then use these signatures to verify that the email content has not been tampered with and originated from an authorized sender.
Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect businesses against advanced threats such as phishing and malware in emails, links, and collaboration tools like Microsoft Teams, SharePoint, and OneDrive. Formerly known as Office 365 Advanced Threat Protection (ATP), Microsoft Defender for Office 365 provides several features to enhance the security posture of an organization’s email and collaboration environment.
This is a very interesting warning. I migrated many VBR servers, and it’s the first time I’ve encountered this warning.
The detailed warning message is below:
Warning Failed to connect to Red Hat Virtualization plug-in: Failed to login to platform service: The remote certificate is invalid according to the validation procedure.