This article describes all security-related fixes and improvements introduced in each release or update of Veeam Agent for Microsoft Windows.

This article aims to provide our customers' security and compliance teams with detailed information on security improvements between releases to help them make an informed decision on whether it is critical to upgrade from their current Veeam Agent for Microsoft Windows version to a later one.

5.0.3.4708

• Vulnerability (CVE-2022-26503) has been fixed.

 

5.0.2.4680

• No security-related changes.

 

5.0.1.4584

• No security-related changes.

 

5.0.0.4301

• LZ4 compression library version has been updated to version 1.9.2

 

4.0.2.2208

• Vulnerability (CVE-2022-26503) has been fixed.
   

4.0.1.2169

• No security-related changes.

 

4.0.0.1811

• A custom security descriptor was provided for the driver's control device (vulnerability reported by Mile Karry).
• Deserialization issues were fixed (vulnerability reported by Harrison Neal).
• A user authorization issue was fixed (vulnerability reported by Harrison Neal).
• OpenSSL was updated to version 1.0.2t

As we're establishing this new process, we appreciate any feedback on the content or format of this KB article. Please let us know in the related topic on the Veeam R&D Forums. If your feedback is too sensitive to be shared publicly, please submit it by opening a support case. We highly appreciate your collaboration!