Progress Software, the company behind the popular MOVEit file-transfer software, has announced the release of fixes for two critical vulnerabilities that have been actively exploited by hackers. The company issued an advisory last week, warning users about multiple vulnerabilities in its WS_FTP file-transfer software, which is widely used by IT teams for secure data transfer.
Key Takeaway
Progress Software, the maker of MOVEit, has patched critical vulnerabilities in its WS_FTP file-transfer software that were actively exploited by hackers. The vulnerabilities allowed remote code execution and unauthorized file operations, affecting potentially thousands of WS_FTP customers. Users are advised to update their software immediately to avoid potential security breaches.
The Vulnerabilities
Among the vulnerabilities identified, two were rated as critical. The first vulnerability, known as CVE-2023-40044, is a .NET deserialization flaw that allows remote code execution on the underlying operating system. The severity of this vulnerability is rated at 10.0. The second vulnerability, tracked as CVE-2023-42657, is a directory traversal vulnerability that enables unauthorized file operations outside the designated WS_FTP folder path.
According to cybersecurity company Rapid7, both of these vulnerabilities are being actively exploited by hackers. Rapid7 has observed a small number of incidents related to the exploitation of WS_FTP Server on September 30, affecting industries such as technology and healthcare. The consistent execution pattern across these incidents suggests the possibility of mass exploitation by a single threat actor.
Impact and Response
Currently, the extent of the attacks and the number of affected WS_FTP customers are unknown, as Progress Software has not provided information on the matter. However, security company Assetnote, the first to discover the WS_FTP vulnerabilities, has identified 2,900 exposed web servers running WS_FTP, mostly belonging to large enterprises, governments, and educational institutions.
Progress Software has released patches to address the vulnerabilities and is urging its customers to apply the fixes promptly. Additionally, Rapid7 has shared indicators of compromise to help organizations determine if they have been targeted.