MOVEit Maker Warns of Critical Bug Alert


Critical Bug in MOVEit Maker's WS_FTP Server [Updated 2023]: Urgent Patch Required

In a recent development, Progress Software, the company responsible for the MOVEit Transfer tool, has issued a critical warning.

Thousands of businesses using their WS_FTP Server software may be at risk due to a severe bug.

This news item highlights the key details surrounding this security concern.

Key Takeaways:

  • Maximum Severity Bug: Progress Software has identified a serious bug in its WS_FTP Server software, affecting its interface and Ad hoc transfer module. This bug poses a significant risk because attackers can execute commands remotely by exploiting a .NET deserialization vulnerability.
  • Widespread Vulnerability: All versions of the WS_FTP Server Ad hoc module are affected by this bug, potentially exposing a broad user base to threats. Security experts emphasize the ease with which such vulnerabilities can be exploited.
  • Immediate Action Required: Progress Software has issued a fix for this critical issue and strongly advises users to update their software promptly. Additionally, they have provided guidance for users facing challenges in applying the update.

Progress Software Addresses Critical Bug

Progress Software, recognized for its MOVEit Transfer tool, has issued an alert concerning its WS_FTP Server software. This software, crucial for secure file transfers, is facing a severe vulnerability.

Severity and Exploitation Risk

The identified bug has been assigned the highest possible severity rating, indicating its extreme danger. Cybersecurity experts warn that vulnerabilities of this nature are prime targets for exploitation by malicious actors.

Vulnerable Versions

Of concern is the fact that this bug affects all versions of the WS_FTP Server Ad hoc module. This widespread vulnerability increases the potential for a wide-ranging impact, given the different versions of the software in use.

Threat Actor Capabilities

Attackers can potentially exploit this bug for remote code execution (RCE) attacks, enabling them to take control of other individuals’ or businesses’ devices. This presents a substantial security risk.

Extensive User Base

Progress Software’s WS_FTP Server is relied upon by numerous IT teams, making it an essential tool. IoT search engines have identified over 6,000 servers currently running this software.

Patch and Remedial Steps

To address this critical issue, Progress Software has released a patch. Users are strongly advised to update their software immediately. The company has also provided guidance for users who may encounter challenges in updating the affected software.

Previous MOVEit Transfer Attacks

Earlier this year, the ransomware gang Cl0p exploited a zero-day bug in Progress Software’s MOVEit Transfer software. This allowed attackers to access and download stored data, impacting over 2,100 organizations and more than 62 million individuals.

Cl0p: The Threat Actor

The group behind these attacks, known as Cl0p, operates under various aliases, including TA505, Lace Tempest, Dungeon Spider, and FIN11.

This Russia-linked gang has been active since 2019 and has targeted numerous well-known organizations.

Impact on Organizations

Victims of the MOVEit Transfer attacks include prominent organizations such as TD Ameritrade, American Airlines, TJX, TomTom, Pioneer Electronics, Autozone, Johns Hopkins University, Warner Bros Discovery, AMC Theatres, Choice Hotels’ Radisson Americas chain, and Crowe accounting advisory firm.

Conclusion

The critical bug affecting WS_FTP Server, from the maker of MOVEit, highlights the ongoing importance of cybersecurity vigilance. Users and administrators are urged to update their software promptly to mitigate potential risks.

About Progress Software: Progress Software is the company behind the MOVEit Transfer tool and WS_FTP Server software. They provide essential solutions for secure file transfers, with a significant user base relying on their services for data security.
