(GENERAL-23-49) ALERT: Critical Vulnerability in MOVEit Transfer Software

Author: Federal Student Aid
Electronic Announcement ID: GENERAL-23-49
Subject: ALERT: Critical Vulnerability in MOVEit Transfer Software

Do you have MOVEit software in your school’s environment?

To help prevent a compromise of your MOVEit Transfer environment and a resulting breach of data, we strongly recommend that institutions immediately apply the following mitigation measures:

Disable all HTTP and HTTPS traffic to your MOVEit Transfer environment. More specifically:

  • Modify firewall rules to deny HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443.

  • Apply up-to-date patches, follow the recommended mitigation guidance, and monitor for known Indicators of Compromise (IoCs). Use only the patch links included in the documentation below. Do not use third-party resources.
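One way to carry out the firewall step above on the Windows Server that hosts MOVEit Transfer, and then verify it, as an added example that is not part of this announcement; the rule name and the host name are assumptions:

```powershell
# Added example (not from the FSA announcement): block inbound HTTP/HTTPS to a
# MOVEit Transfer host with Windows Defender Firewall, then verify the rule.
# Run in an elevated PowerShell session on the MOVEit Transfer server.
# The rule name is an assumption; pick one that fits your naming scheme.
$RuleName = 'MOVEit-Block-Inbound-HTTP-HTTPS'

# Create an inbound Block rule for TCP 80 and 443 on every network profile.
# A Block rule takes precedence over Allow rules for the same traffic, so the
# existing IIS/MOVEit allow rules do not have to be removed for this to work.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort 80,443 `
        -Action Block -Profile Any -Enabled True | Out-Null
}

# Verify the rule exists, is enabled, and covers exactly the intended ports.
$rule  = Get-NetFirewallRule -DisplayName $RuleName
$ports = ($rule | Get-NetFirewallPortFilter).LocalPort
"{0}: Enabled={1} Action={2} Ports={3}" -f $RuleName, $rule.Enabled, $rule.Action, ($ports -join ',')

# From a second machine, confirm the web ports no longer answer while SFTP
# (TCP 22, which the announcement does not ask you to block) still does.
# 'moveit.example.edu' is a placeholder host name.
foreach ($p in 22, 80, 443) {
    $r = Test-NetConnection -ComputerName 'moveit.example.edu' -Port $p -WarningAction SilentlyContinue
    "Port {0}: TcpTestSucceeded={1}" -f $p, $r.TcpTestSucceeded
}
```

Expect TcpTestSucceeded to be False for 80 and 443 and True for 22 once the rule is active; if 80 or 443 still succeeds, check for a second host-based firewall or a perimeter device that needs the same deny rule.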

Summary

MOVEit Transfer is a commercial secure managed file transfer (MFT) software solution that enables the secure movement of files between organizations and their customers using SFTP, SCP, and HTTP-based uploads. MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain administrative access, exfiltrate files, and achieve arbitrary code execution.

The Cybersecurity and Infrastructure Security Agency (CISA) posted a joint Cybersecurity Advisory (CSA), AA23-158A, with details on how the CL0P ransomware gang is exploiting the MOVEit vulnerability. The related CVEs are:

  • CVE-2023-35708 (June 15, 2023)

  • CVE-2023-35036 (June 9, 2023)

  • CVE-2023-34362 (May 31, 2023)

Actions to take today to mitigate cyber threats:

  • Take an inventory of assets and data, identifying authorized and unauthorized devices and software.

  • Grant admin privileges and access only when necessary.

  • Establish a software allow list that only executes legitimate applications.

  • Monitor network ports, protocols, and services, activating security configurations on network infrastructure devices such as firewalls and routers.

  • Regularly patch and update software and applications to their latest versions and conduct regular vulnerability assessments.

Report a breach with the Cybersecurity Intake Form. If you have questions about the information included in this announcement, or to sign up for our Quarterly Cybersecurity newsletter, please contact FSASchoolCyberSafety@ed.gov.

Thank you for your attention to this matter. Federal Student Aid is committed to working with schools to combat cybersecurity attacks and protect student financial aid information.