Monday, 12 June 2023 12:34

MOVIEit is having a Very Bad Week as more Flaw Found after Security Audit

Written by

Reading time is around minutes.

MOVEit has been in the news quite a bit lately. First it was the disclosure of a Zero-Day that was actively being exploited since October 2022. Next up was the fact that the group exploiting the flaw was probably tinkering around the vulnerability since mice 2021. If that were not bad enough a new security audit performed on the MFT (managed file transfer) has found even more vulnerabilities in the service. The flaws are like the original zero-day flaws, in that they are SQL injection flaws that allow for theft of data from customer databases.

The new flaws were found during a full code review by security firm Huntress. This is after the original zero-days were fixed. The vulnerabilities identified by Huntress exist in all versions of MOVEit and allow an unauthenticated attacker to send a malicious payload to an internet exposed MOVEit Server to either modify or extract data contained in the database. As of this writing there is no evidence that this new flaw is being actively exploited, but any MOVIEit customers are advised to patch now. If you are using the cloud hosted version of MOVEit the patch has already been installed so you should be covered from this latest threat.

The series of events that has impacted MOVEit MFT and the people using it are another example of the importance of proper application testing, the creation of a proper SBOM, and tracking all the pieces involved in making your service work. We hope that Progress and other organizations take this lesson to heart and make changes to how they run their services. We also hope that customers take this to heart as well and require service providers to show proof of proper testing and security before taking on a new service.

Stay safe out there

Read 733 times

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.