Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.
The company says thousands of IT teams worldwide use its enterprise-grade WS_FTP Server secure file transfer software.
In an advisory published on Wednesday, Progress disclosed multiple vulnerabilities impacting the software’s manager interface and Ad Hoc Transfer Module.
Of all the WS_FTP Server security flaws patched this week, two were rated as critical. The one tracked as CVE-2023-40044 received a maximum 10/10 severity rating and allows unauthenticated attackers to execute remote commands after successful exploitation of a .NET deserialization vulnerability in the Ad Hoc Transfer module.
The other critical bug (CVE-2023-42657) is a directory traversal vulnerability that enables attackers to perform file operations outside the authorized WS_FTP folder path.
“Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system,” Progress said.
According to the company’s CVSS:3.1 rating for both vulnerabilities, attackers can exploit them in low-complexity attacks that do not require user interaction.
“We have addressed the vulnerabilities above and the Progress WS_FTP team strongly recommends performing an upgrade,” Progress warned.
“We do recommend upgrading to the highest version which is 8.8.2. Upgrading to a patched release, using the full installer, is the only way to remediate this issue. There will be an outage to the system while the upgrade is running.”
The company also shared information on how to remove or disable the vulnerable WS_FTP Server Ad Hoc Transfer Module if it isn’t being used.
2,100 successful MOVEit data theft attacks and counting
Progress is still grappling with the aftermath of an extensive series of data theft attacks following the exploitation of a zero-day in the MOVEit Transfer secure file transfer platform by the Clop ransomware gang starting May 27.
According to estimates shared by security firm Emsisoft on Monday, the fallout of these attacks has affected more than 2,100 organizations and over 62 million individuals.
Despite the broad scope and the large number of victims, Coveware’s estimates suggest that only a limited number are likely to give in to Clop’s ransom demands. Nonetheless, the cybercriminal group is expected to collect an estimated $75-100 million in payments due to their high ransom demands.
Additionally, reports have also surfaced indicating that several U.S. federal agencies and two entities under the U.S. Department of Energy (DOE) have fallen victim to Clop’s data theft attacks.
Clop has been linked to several high-impact data theft and extortion campaigns targeting other managed file transfer platforms, including Accellion FTA servers in December 2020, the 2021 SolarWinds Serv-U Managed File Transfer attacks, and the mass exploitation of a GoAnywhere MFT zero-day in January 2023.
On Tuesday, Progress Software reported a 16% year-over-year revenue increase for its fiscal third quarter that ended on August 31, 2023, in an 8-K form filed with the U.S. Securities and Exchange Commission.
Progress excluded “certain expenses resulting from the zero-day MOVEit Vulnerability” from the report as it intends “to provide additional details regarding the MOVEit Vulnerability in our Form 10-Q for the quarter ended August 31, 2023.”