
(GENERAL-23-49) ALERT: Critical Vulnerability in MOVEit Transfer Software
Posted date: June 16, 2023
Author: Federal Student Aid
Electronic announcement ID: GENERAL-23-49
Subject: ALERT: Critical Vulnerability in MOVEit Transfer Software
Do you have MOVEit software in your school’s environment?

To help prevent a compromise of your MOVEit Transfer environment and a resulting breach of data, we strongly recommend that institutions immediately apply the following mitigation measures:

Disable all HTTP and HTTPS traffic to your MOVEit Transfer environment. More specifically:

Modify firewall rules to deny HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443.

Apply up-to-date patches, follow the recommended mitigation guidance, and monitor for known Indicators of Compromise (IoCs). Use only the patch links included in the vendor documentation linked below; do not use third-party resources.

Please visit the vendor’s site for details: MOVEit Transfer and MOVEit Cloud Vulnerability mitigation measures and patch information.

Summary
MOVEit Transfer is a commercial secure managed file transfer (MFT) software solution that enables the secure movement of files between organizations and their customers using SFTP, SCP, and HTTP-based uploads. MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain administrative access, exfiltrate files, and achieve arbitrary code execution.

The Cybersecurity and Infrastructure Security Agency (CISA) posted a joint Cybersecurity Advisory (CSA), AA23-158A, with details on the CL0P ransomware gang's exploitation of the MOVEit vulnerability. The associated CVEs are:

CVE-2023-35708 (June 15, 2023)

CVE-2023-35036 (June 9, 2023)

CVE-2023-34362 (May 31, 2023)

Actions to take today to mitigate cyber threats:
Take an inventory of assets and data, identifying authorized and unauthorized devices and software.

Grant admin privileges and access only when necessary.

Establish a software allow list that only executes legitimate applications.

Monitor network ports, protocols, and services, and activate security configurations on network infrastructure devices such as firewalls and routers.

Regularly patch and update software and applications to their latest versions and conduct regular vulnerability assessments.

Report a breach using the Cybersecurity Intake Form. If you have questions about the information included in this announcement, or to sign up for our quarterly cybersecurity newsletter, please contact [email protected].

Thank you for your attention to this matter. Federal Student Aid is committed to working with schools to combat cybersecurity attacks and protect student financial aid information.