Lotus Management Services’ security analysts are actively monitoring a critical zero-day vulnerability in Ipswitch's (Progress) MOVEit Managed File Transfer (MFT) software being exploited to steal data from organizations. MOVEit Transfer is an MFT solution that allows companies to securely transfer files. The zero-day vulnerability could allow for privilege escalation and unauthorized access. Immediate action is recommended as this vulnerability is actively being exploited in the wild. While a patch is not available, the parent company of Ipswitch, Progress, has published mitigation steps.
How to Mitigate:
Follow the steps outlined in the MOVEit Transfer Critical Vulnerability Report
- Uninstall MOVEit MFT from any servers until a patch is available.
- Block HTTP/HTTPS (ports 80/443) in the firewall if pointing at the MOVEit server.
- Check for “c:\MOVEit Transfer\wwwroot\” folder for unexpected files like backups or large file downloads as an indicator of compromise (IoC)
Important: The Lotus Security Operations Center has NOT seen any IoCs in our partners’ environments.
We will continue to actively monitor for any indicators of compromise associated with this vulnerability. We are confident that our experienced MDR analysts and technology will continue to protect your business.
