-1.svg){kind=logo}
There are several recent security issues in MOVEit file transfer software. Here's what you need to know.
Last updated: June 16, 2023
Update: As of July 5th, 2023 several new vulnerabilities were announced. Organizations using MOVEit should immediately follow current remediation steps.
Background
On July 5th, 2023 several new vulnerabilities were discovered in MOVEit file transfer software. Progress, the software developer, is recommending users update to the latest fixed version immediately. This is in addition to prior patches that have been applied. Given mass-exploitation currently taking place against MOVEit software, we strongly urge you to take immediate action.
This new vulnerability is in addition to the zero-day vulnerability announced on May 31, 2023 (CVE-2023-34362) that has been under attack by the ransomware group, CLOP. If you followed our prior guidance to update and look for indicators of compromise (thank you), but please note you must now address this new vulnerability.
Impact
Attackers can exploit these vulnerabilities to gain unauthorized access to vulnerable systems. There are reports of mass-exploitation including data theft attacks against a large number of vulnerable targets, and at least one threat actor group has begun posting victim data on their leak site. Corvus has observed ransomware groups exploit similar vulnerabilities in file transfer software to steal and encrypt sensitive data. It is crucial that remediation steps are followed.
Next Steps
We encourage your organization to take the following steps recommended by the manufacturer, Progress Software, to mitigate against potential attack:
- If you have NOT applied the May 2023 patch: Follow all the remediation steps in the following article: MOVEit Transfer Critical Vulnerability (May 2023) and then proceed to step 2.
- Check your instance for Indicators of Compromise
- If you have applied the May 2023 patch, upgrade to one of the versions listed in the table below.
|
Affected Version |
Fixed Version (Full Installer) |
Documentation |
Release Notes |
|---|---|---|---|
|
MOVEit Transfer 2023.0.x (15.0.x) |
|||
|
MOVEit Transfer 2022.1.x (14.1.x) |
|||
| MOVEit Transfer 2022.0.x (14.0.x) | MOVEit Transfer 2022.0.7 (14.0.7) | MOVEit 2022 Upgrade Documentation | MOVEit Transfer 2022.0.7 Release Notes |
| MOVEit Transfer 2021.1.x (13.1.x) | MOVEit Transfer 2021.1.7 (13.1.7) | MOVEit 2021 Upgrade Documentation | MOVEit Transfer 2021.1.7 Release Notes |
| MOVEit Transfer 2021.0.x (13.0.x) | MOVEit Transfer 2021.0.9 (13.0.9) | MOVEit 2021 Upgrade Documentation | MOVEit Transfer 2021.0.9 Release Notes |
| MOVEit Transfer 2020.1.6 (12.1.6) or later | Special Service Pack Available | See KB 000236387 MOVEit Transfer 2020.1 Service Pack (July 2023) |
MOVEit Transfer 2020.1.7 Release Notes |
| MOVEit Transfer 2020.0.x (12.0.x) or older | Must Upgrade to a Supported Version | See MOVEit Transfer Upgrade and Migration Guide |
N/A |
Indicators of Compromise
See file attachment cve-2023-34362-iocs.xlsx located at the bottom of the article here.
If you do notice any of the indicators noted above, please immediately contact your security and IT teams and open a ticket with Progress Technical Support at: https://community.progress.com/s/supportlink-landing. If you are a Corvus policyholder, please immediately notify us of a potential claim using the email or hotline on your policy.
Additional indicators and investigative context can be found in the articles below:
- https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
- https://www.crowdstrike.com/blog/identifying-data-exfiltration-in-moveit-transfer-investigations/
This alert is provided for informational use only. Organizations will be solely responsible for remediation. Please consult with your IT department for more information or remediation guidance.