{"id":92746,"date":"2023-06-12T08:15:00","date_gmt":"2023-06-12T08:15:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=92746"},"modified":"2023-06-12T08:15:00","modified_gmt":"2023-06-12T08:15:00","slug":"progress-software-releases-patch-for-second-moveit-transfer-vulnerability","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=92746","title":{"rendered":"Progress Software releases patch for second MOVEit Transfer vulnerability"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/06\/progress-software-releases-patch-for-second-moveit-transfer-vulnerability.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Progress Software, the operator of the MOVEit Transfer managed file transfer product, has released a second patch for a newly discovered vulnerability distinct from CVE-2023-34362, the SQL injection bug <a href=\"https:\/\/www.computerweekly.com\/news\/366539413\/Victims-of-MOVEit-SQL-injection-zero-day-mount-up\">currently under widespread exploitation by the Russian-speaking Clop cyber extortion gang<\/a>.<\/p>\n<p>This vulnerability, which has not at the time of writing been assigned a CVE number, was discovered by external analysts working alongside Progress to probe MOVEit Transfer for any further issues.<\/p>\n<p>\u201cWe have partnered with third-party cyber security experts to conduct further detailed code reviews as an added layer of protection for our customers,\u201d <a href=\"https:\/\/www.progress.com\/security\/moveit-transfer-and-moveit-cloud-vulnerability\">Progress said in a statement<\/a>.<\/p>\n<p>\u201cAs part of these code reviews, cyber security firm <a href=\"https:\/\/www.huntress.com\/\">Huntress<\/a> has helped us to uncover additional vulnerabilities that could potentially be used by a bad actor to stage an exploit. These newly discovered vulnerabilities are distinct from the previously reported vulnerability shared on May 31, 2023.&nbsp;All MOVEit Transfer customers must apply the new patch, released on 9 June 2023.\u201d<\/p>\n<p>The vulnerability in question is also a SQL injection flaw and affects all versions of MOVEit Transfer. Progress said that, left unpatched, an unauthenticated attacker could gain unauthorised access to the MOVEit Transfer database and submit a crafted payload to it that would give them the ability to modify and disclose \u2013 i.e. steal \u2013 its content. This would have a similar impact to CVE-2023-34362.<\/p>\n<p>Progress said that users who have not yet applied the CVE-2023-34362 patch <a href=\"https:\/\/community.progress.com\/s\/article\/MOVEit-Transfer-Critical-Vulnerability-31May2023\">should refer to its initial guidance from 31 May<\/a>, which will also now protect them from the new vulnerability. Those who have applied the first patch and followed the recommended remediation steps <a href=\"https:\/\/community.progress.com\/s\/article\/MOVEit-Transfer-Critical-Vulnerability-CVE-Pending-Reserve-Status-June-9-2023\">should now proceed to apply the second patch as outlined here<\/a>, using only the patch links included in its official documentation. It added that MOVEit Cloud has also been patched with the 9 June patch.<\/p>\n<p>In the interests of flexibility, Progress is provided both a full installer version of the patch and a dynamic link library (DLL) version that users can drop in to an existing installation.<\/p>\n<p>MOVEit users are further advised to review their audit logs for any unusual or suspicious activity, such as unexpected file downloads, and review access logs and systems logging.<\/p>\n<p>Computer Weekly reached out to Huntress Security, but had not received a response at the time of publication.<\/p>\n<section class=\"section main-article-chapter\" data-menu-title=\"Clock ticking\">\n<h3 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Clock ticking<\/h3>\n<p>With under <a href=\"https:\/\/www.computerweekly.com\/news\/366539357\/Clop-cyber-gang-claims-MOVEit-attack-and-starts-harassing-victims\">72 hours now remaining until Clop begins leaking the data<\/a> it has stolen, more victims have been coming forward around the world in the past few days. Among those to have raised their hands, <a href=\"https:\/\/www.securityweek.com\/new-moveit-vulnerabilities-found-as-more-zero-day-attack-victims-come-forward\/\">as reported by <i>Security Week<\/i><\/a>, are two US state bodies in Illinois and Minnesota.<\/p>\n<p>The <a href=\"https:\/\/ltgov.illinois.gov\/news\/press-release.26572.html\">Illinois Department of Innovation and Technology<\/a> said it was investigating the impact of the attack but has not yet identified what data it has lost, although it said it suspected a \u201clarge number of individuals\u201d were affected. The <a href=\"https:\/\/education.mn.gov\/MDE\/about\/breach\/\">Minnesota Department of Education<\/a> (MDE) said that 24 total files containing the names of 95,000 children placed in foster care, as well as data on students qualifying for Covid-19 benefits, students taking courses to earn college credits, and students who used a particular school bus route in the city of Minneapolis.<\/p>\n<p>Clop has claimed that it has erased data taken from public bodies. Whether or not this is the case cannot be determined with any degree of accuracy.<\/p>\n<p>Prior to the weekend, <a href=\"https:\/\/www.computerweekly.com\/news\/366539753\/Extreme-Networks-emerges-as-victim-of-Clop-MOVEit-attack\">it also emerged that Extreme Networks<\/a> has been affected by the incident. The networking hardware and software supplier is believed to still be assessing whether or not customer data has been taken.<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>Progress Software, the operator of the MOVEit Transfer managed file transfer product, has released a second patch for a newly discovered vulnerability distinct from CVE-2023-34362, the SQL injection bug currently under widespread exploitation by the Russian-speaking Clop cyber extortion gang. This vulnerability, which has not at the time of writing been assigned a CVE number, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":92747,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-92746","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92746"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92746\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/92747"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}