CVE-2017-12410: TOCTOU Flaw in the VSA's Agent.

Issue: A time-of-check to time-of-use (TOCTOU) flaw exists in the VSA Agent on the endpoint. A user can take advantage of the resulting race condition, which could result in code execution with system privileges. The likelihood of practical exploitation is low: the flaw cannot be exploited remotely, and it requires that an attacker has already compromised the underlying machine, gaining local control of the endpoint with the ability to execute their own code.

Resolution: Update your VSA to the latest patch following the steps highlighted here.

  • R9.3 or earlier – Upgrade to R9.4.0.37 or R9.5.
  • R9.4 – Install patch 9.4.0.37 or higher.
  • R9.5 – Not affected.

Note: For Kaseya SaaS customers, no action is required; our SaaS instances are already on R9.5.

Applies to: VSA Version 9.4.0.36 and earlier.
