MOVEit Transfer Software: Critical Zero-day Being Actively Exploited

Overview

Assura’s Security Operations Center is seeing active exploitation of a SQL Injection flaw in Progress Software’s MOVEit Transfer product first announced on May 31, 2023. The vulnerability is CVE-2023-34362.

Technical Analysis

A full technical analysis has been done by our friends at Huntress, who have been at the forefront of analyzing exploitation of the vulnerability by at least one threat actor: https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response.

Affected versions, fixed versions, and documentation to execute an upgrade to the patched versions are:

| Affected Version | Fixed Version | Documentation |
| --- | --- | --- |
| MOVEit Transfer 2023.0.0 (15.0.0) | MOVEit Transfer 2023.0.1 | MOVEit 2023 Upgrade Documentation |
| MOVEit Transfer 2022.1.x (14.1.x) | MOVEit Transfer 2022.1.5 | MOVEit 2022 Upgrade Documentation |
| MOVEit Transfer 2022.0.x (14.0.x) | MOVEit Transfer 2022.0.4 | |
| MOVEit Transfer 2021.1.x (13.1.x) | MOVEit Transfer 2021.1.4 | MOVEit 2021 Upgrade Documentation |
| MOVEit Transfer 2021.0.x (13.0.x) | MOVEit Transfer 2021.0.6 | |
| MOVEit Transfer 2020.1.x (12.1.x) | Special Patch Available | See KB 000234559 |

Assura’s Take

There are two courses of action to take for this: PATCH NOW and hunt for signs of compromise. Organizations should search their MOVEit Transfer server(s) for the Indicators of Compromise (IOCs) listed in the Progress Software article about the vulnerability as well as the analysis published by Huntress (see the References section below).

The Assura SOC is actively monitoring for exploitation of this vulnerability and assisting clients with investigations. If you are an Assura Managed SIEM client and have any questions about this, please contact your Concierge.

References: