Kaseya patches Unitrends server zero-days, issues client mitigations
American software company Kaseya has issued a security update to patch server-side Kaseya Unitrends zero-day vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure.
Kaseya Unitrends is a cloud-based enterprise backup and recovery solution provided as a stand-alone solution or an add-on for Kaseya's VSA remote management platform.
Kaseya released Unitrends version 10.5.5-2 on August 12 to patch the two server vulnerabilities, but it's still working on a fix for a third unauthenticated remote code execution flaw impacting the client.
"The client side vulnerability is currently unpatched, but Kaseya urges users to mitigate these vulnerabilities via firewall rules as per their best practices and firewall requirements," DIVD said in an advisory published today.
After releasing the patched Unitrends version, Kaseya reached out to customers advising them to patch vulnerable servers and apply client mitigations.
Luckily, unlike the Kaseya VSA zero-days REvil used in the early July ransomware attack that hit hundreds of Kaseya customers, these three vulnerabilities are more difficult to exploit.