Progress Software program, the maker of the MOVEit Switch file-sharing platform just lately exploited in widespread knowledge theft assaults, warned prospects to patch a most severity vulnerability in its WS_FTP Server software program.
The corporate says 1000’s of IT groups worldwide use its enterprise-grade WS_FTP Server safe file switch software program.
In an advisory revealed on Wednesday, Progress disclosed a number of vulnerabilities impacting the software program’s supervisor interface and Advert hoc Switch Module.
Out of all WS_FTP Server safety flaws patched this week, two of them have been rated as essential, with the one tracked as CVE-2023-40044 receiving a most 10/10 severity ranking and permitting unauthenticated attackers to execute distant instructions after profitable exploitation of a .NET deserialization vulnerability within the Advert Hoc Switch module.
The opposite essential bug (CVE-2023-42657) is a listing traversal vulnerability that permits attackers to carry out file operations exterior the approved WS_FTP folder path.
“Attackers might additionally escape the context of the WS_FTP Server file construction and carry out the identical degree of operations (delete, rename, rmdir, mkdir) on file and folder areas on the underlying working system,” Progress mentioned.
Based on the corporate’s CVSS:3.1 ranking for each vulnerabilities, attackers can exploit them in low-complexity assaults that do not require consumer interplay.
“We now have addressed the vulnerabilities above and the Progress WS_FTP workforce strongly recommends performing an improve,” Progress warned.
“We do suggest upgrading to essentially the most highest model which is 8.8.2. Upgrading to a patched launch, utilizing the total installer, is the one technique to remediate this difficulty. There will probably be an outage to the system whereas the improve is operating.”
The corporate additionally shared data on  take away or disable the susceptible WS_FTP Server Advert Hoc Switch Module if it is not getting used.Â
2,100 profitable MOVEit knowledge theft assaults and counting
Progress remains to be grappling with the aftermath of an in depth collection of knowledge theft assaults following the exploitation of a zero-day within the MOVEit Switch safe file switch platform by the Clop ransomware gang beginning Could 27.
As per estimates shared by safety agency Emsisoft on Monday, the fallout of those assaults has affected greater than 2,100 organizations and over 62 million people.
Regardless of the broad scope and the massive variety of victims, Coveware’s estimates counsel that solely a a restricted quantity are prone to succumb to Clop’s ransom calls for. Nonetheless, the cybercriminal group is anticipated to gather an estimated $75-100 million in funds due to their excessive ransom calls for.
Moreover, experiences have additionally surfaced indicating that a number of U.S. federal businesses and two entities beneath the U.S. Division of Power (DOE) have fallen sufferer to Clop’s knowledge theft assaults.
Clop has been linked to a number of high-impact knowledge theft and extortion campaigns focusing on different managed file switch platforms, together with Accellion FTA servers in December 2020, the 2021 SolarWinds Serv-U Managed File Switch assaults, and the mass exploitation of a GoAnywhere MFT zero-day in January 2023.
On Tuesday, Progress Software program reported a 16% year-over-year income enhance for its fiscal third quarter that ended on August 31, 2023, in an 8-Okay kind filed with the U.S. Securities and Alternate Fee.
Progress excluded “sure bills ensuing from the zero-day MOVEit Vulnerability” from the report because it intends “to supply extra particulars relating to the MOVEit Vulnerability in our Kind 10-Q for the quarter ended August 31, 2023.”
