Kaseya has released fixes for vulnerabilities exploited by REvil

After installing the patch, users will need to change their passwords without fail.

On Sunday, July 11, the American company Kaseya released emergency updates that fix vulnerabilities in its Virtual System Administrator (VSA) software, the compromise of which affected 1.5 thousand companies around the world.

Following the incident, Kaseya asked VSA users to shut down their servers until a fix was ready. Ten days later, the company released VSA version 9.5.7a (9.5.7.2994), which fixed three new vulnerabilities:

CVE-2021-30116 – credential leak and boolean error;

CVE-2021-30119 – cross-site scripting;

CVE-2021-30120 – two-factor authentication bypass.

These vulnerabilities are among the seven that Kaseya learned of from the Dutch Institute for Vulnerability Disclosure (DIVD). The experts warned about the vulnerabilities back in April, and the company has fixed four of them. It intended to fix the other three later, a gap exploited by the cybercriminal group REvil, which attacked Kaseya through vulnerabilities in the VSA earlier this month.

As an additional security measure, the company recommended restricting VSA Web GUI access to local IP addresses by blocking port 443 in the firewall settings.

Kaseya also warned its customers that after installing the patch, they will be required to change their passwords after logging in to comply with the new password requirements. The company also added that some features have been replaced with improved alternatives, but the new release “contains some functional flaws that will be fixed in a future release.”

In addition to deploying a patch for on-premises VSAs, the company has also initiated a VSA SaaS infrastructure recovery.

“Service recovery is progressing according to plan, 60% of our SaaS clients are already up and running, and the servers for the rest of the clients will be online in the next few hours,” Kaseya said.

The fix for the remaining three vulnerabilities came a few days after the company warned of a fraudulent scheme in which attackers send fake patches for Kaseya software in order to gain remote access to systems using Cobalt Strike.
