News

MOVEit Transfer is patching a new critical vulnerability

Security Parrot Editorial Team

Progress Software Promises Regular Patches After 0-Day Vulnerability in MOVEit Transfer

Progress Software, the developer of the file transfer management product MOVEit Transfer, has promised to regularly release patches to provide a “predictable, simple, and transparent bug fixing process” after hundreds of companies were attacked with a 0-day vulnerability. The first package of patches included fixes for three vulnerabilities, including a critical one.

Background

The 0-day vulnerability (CVE-2023-34362) in MOVEit Transfer was discovered in early June 2023. All versions of MOVEit Transfer were affected by the problem, and it was reported that attacks on them began as early as May 27, 2023. Attackers used this vulnerability to deploy custom web shells on affected servers, allowing them to list files stored on the server, download files, and steal Azure Blob Storage account credentials and secrets, including the AzureBlobStorageAccount, AzureBlobKey, and AzureBlobContainer settings. As a result, Microsoft analysts linked the massive attacks to the Clop ransomware hack group (aka Lace Tempest, TA505, FIN11, or DEV-0950). And soon the hackers began to make demands, extorting ransoms from the affected companies. At the moment, according to Emsisoft experts, the number of companies-victims exceeds 230: at least 20 schools in the US and dozens of universities around the world were affected. In total, the leaks affected information about 17-20 million people.

Patches Released

Service packs for Progress Software products will be distributed to MOVEit, including MOVEit Transfer and MOVEit Automation. The first one has already been released and contains fixes for a critical SQL injection, as well as two other less serious vulnerabilities.
The critical issue has been identified as CVE-2023-36934 and has been identified by the Trend Micro Zero Day Initiative. The developers report that it can be used without authentication, allowing an attacker to gain unauthorized access to the MOVEit Transfer database.
The second vulnerability is also a SQL injection and is tracked under the identifier CVE-2023-36932. This problem can be exploited by an attacker after authentication. Both SQL injections affect multiple versions of MOVEit Transfer, including 12.1.10 and later, 13.0.8 and later, 13.1.6 and later, 14.0.6 and later, 14.1.7 and later, and 15.0.3 and later.
The third issue addressed by patches this month was the CVE-2023-36933 vulnerability, which allows attackers to spontaneously terminate a program. This bug affects MOVEit Transfer versions 13.0.8 and later, 13.1.6 and later, 14.0.6 and later, 14.1.7 and later, and 15.0.3 and later.

Advice

MOVEit Transfer users are now advised to upgrade to the versions listed in the security bulletin to protect themselves from the vulnerabilities. Progress Software has promised to regularly release patches to provide a “predictable, simple, and transparent bug fixing process”, and users should keep an eye out for future updates.
At the moment, there are no reports of active exploitation of this problem by hackers. However, users should remain vigilant and take all necessary steps to protect their systems from potential attacks.

Weekly Updates For Our Loyal Readers!

Share this Article
Lost your password?