The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform a massive Friday attack.
The vulnerability had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure (DIVD), and Kaseya was validating the patch before they rolled it out to customers.
However, in what can only be seen as a case of bad timing, the REvil ransomware gang beat Kaseya and used the same zero-day to conduct their Friday night attack against managed service providers worldwide and their customers.