Attackers actively exploit zero day vulnerability in Moveit Transfer program

Progress Software’s subsidiary, IPSWITCH, has warned users of its file transfer software, Moveit Transfer, of a “critical” vulnerability. The vulnerability can potentially increase privileges and allow unauthorised access to systems, according to Progress, but the company has yet to release a patch. In a security warning, the US-based corporation suggested that customers temporarily block ports 80 and 443 on the servers the software sits on to prevent further exploitation. The company also recommended that administrators investigate unexpected backup files in C:Moveit Transferwwwroot to check for data theft.

/Reports, release notes, official announcements.