• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security, News

What You Need To Know About Kaseya’s VSA Patch

Kaseya has patched vulnerabilities in its VSA software that ransomware actors leveraged in a massive attack through MSPs.

July 12, 2021 Zachary Comeau Leave a Comment

Progress MOVEit vulnerability

Kaseya has patched vulnerabilities in its VSA software that ransomware actors leveraged in a massive attack that used managed service providers to encrypt the data of about 1,500 business customers.

The patch included in the VSA 9.5.7a release for on-premises versions of Kaseya’s remote monitoring solution was published Sunday afternoon, and all the company’s software-as-a-service (SaaS) customers were back online by early this morning, according to updates on the software company’s website.

As posted in the previous update we released the patch to VSA On-Premises customers and began deploying to our VSA SaaS Infrastructure prior to the 4:00 PM target. The restoration of services is now complete, with 100% of our SaaS customers live as of 3:30 AM US EDT.  Our support teams continue to work with VSA On-Premises customers who have requested assistance with the patch.

We will continue to post updates as new information becomes available.

According to BleepingComputer, seven vulnerabilities were discovered by the Dutch Institute for Vulnerability Disclosure in April, and Kaseya had already patched most of the VSA SaaS service, but had not yet completed the patches for on-premises versions.

That’s where the REvil ransomware gang capitalized, leveraging those vulnerabilities on July 2 against about 60 MSPs using on-premises VSA servers for their customers.

It is unclear which vulnerabilities were leveraged in the attack, but BleepingComputer postulates that it could have been a combination of a credentials leak and business logic flaw, a cross site scripting vulnerability, and a two-factor authentication bypass.

Once the attack was discovered, Kaseya urged customers to shut down their on-premise VSA servers until a patch was published.

According to Kaseya’s website, the patch fixes these issues:

  • Credentials leak and business logic flaw: CVE-2021-30116
  • Cross-Site Scripting vulnerability: CVE-2021-30119
  • 2FA bypass: CVE-2021-30120
  • An issue where the secure flag was not being used for User Portal session cookies.
  • An issue where certain API responses would contain a password hash, potentially exposing any weak passwords to brute force attack. The password value is now masked completely.
  • A vulnerability that could allow the unauthorized upload of files to the VSA server.

Previous VSA releases (9.5.5 and 9.5.6) fixed several vulnerabilities, including:

  • Remote Code Execution vulnerability: CVE-2021-30118
  • SQL injection vulnerability: CVE-2021-30117
  • Local File Inclusion vulnerability: CVE-2021-30121
  • XML External Entity vulnerability: CVE-2021-30201

After installing the patch, users will have to change their password upon login and adhere to new, stronger password requirements.

Kaseya also notes that it is no longer possible to download an agent installation package without authentication to VSA, which will impact some legitimate use cases. The ability to deploy agents to legitimate external uses will be restored in a future release, however.

It is also no longer possible to disable Agent Procedure signing and approval, and all agent procedure changes must be approved by a master admin.

The update impacts other functions of the software, including helpdesk ticketing, user portal and more. Read the company’s patch notes for more information.

Kaseya also released Startup Runbooks and Hardening and Best Practice Guides for SaaS and on-premises versions of VSA.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Kaseya, ransomware, REvil

Related Content:

  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Singlewire Software mass notification interview Singlewire Software on Mass Notification Solutions
  • URI catchbox 1 Catchbox Plus: The Mic Solution That Finally Gave…
  • Engaging virtual meeting with diverse participants discussing creative ideas in a bright office space during daylight hours Diversified Survey: Workplace AV Tech is Falling Short,…

Free downloadable guide you may like:

  • Practical Design Guide for Office SpacesPractical Design Guide for Office Spaces

    Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-face time with co-workers. When designing the office spaces — and meeting spaces in particular — enabling that connection between co-workers is crucial. But introducing the right collaboration technology in meeting spaces can […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.