Kaseya has finally rolled out the patches for VSA bugs that the REvil ransomware gang exploited. The firm urges clients check for previous compromise before deploying the patches.
Kaseya Patches VSA Bugs
Days after the devastating ransomware attack, Kaseya has finally released the patches for VSA server that was found to be under active exploit.
As reported earlier, the firm confirmed that the ransomware attackers didn’t alter the VSA codebase. Rather they exploited unpatched vulnerabilities for the wave of attacks on Kaseya’s customers.
All of this happened when the firm was in the middle of patching the vulnerabilities following reports from the Dutch Institute for Vulnerability Disclosure (DIVD).
According to Kaseya’s advisory, VSA 9.5.7a Release is out now for on-premise and SaaS customers. It includes fixes for the following issues.
- Credential leak and business logic flaw (CVE-2021-30116)
- Cross-Site Scripting vulnerability (CVE-2021-30119)
- 2FA bypass (CVE-2021-30120)
- Secure flag not used for User Portal session cookies
- Certain API responses included a password hash, potentially exposing weak passwords
- Unauthorized file upload to VSA server
Kaseya has advised users to check the “VSA On-Premises Hardening and Best Practice Guide” and “VSA SaaS Security Best Practices Guide” before applying the fixes.
The firm also explained that deploying these fixes will cause a password reset for the users with improved security requirements. Briefly, the new policies require password change less than 30 days, the password should be a minimum of 16 characters long, and that reuse not be more than 5 passwords.
What Next About The Kaseya Ransomware Wave?
The REvil ransomware gang demanded a cumulative ransom of $70 million for a universal decryptor.
However, Bleeping Computer has reported that many of the victims do not intend to pay the ransom. Though exceptions are there, most of the victim MSPs will be restoring their data from backups.
Let us know your thoughts in the comments.