H-ISAC TLP White Vulnerability Reports Progress MOVEit Transfer Critical Vulnerability Actively Exploited June 1, 2023

On June 1, 2023, NHS published a critical vulnerability bulletin focused on the Progress MOVEit File Transfer (MFT) product.

Progress discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment.  

BleepingComputer reported the vulnerability is actively being exploited by threat actors.  

As a patch is currently unavailable, Progress has released mitigations that MOVEit admins can use to secure their installations. 

Security recommendations and guidance from Progress to mitigate the vulnerability are available here.  

If you are a MOVEit Transfer customer, it is extremely important that you take immediate action to help protect your MOVEit Transfer environment, while the Progress team produces a patch. 

The vulnerability in MOVEit Transfer is especially concerning as the vulnerability could be used in the exfiltration of large datasets prior to extortion by threat actors seeking to monetize the exploit.

View the detailed report below.