Emergency patching against the new vulnerability in Windows Domain Name System (DNS) Server – CVE-2020-1350
Incident Report for Progress MOVEit Cloud
Resolved
Emergency maintenance was completed successfully.
Posted Jul 16, 2020 - 11:11 CDT
Investigating
Dear MOVEit Cloud customers,

We received notice of the Critical new vulnerability in Windows Domain Name System (DNS) Server – CVE-2020-1350, which has a CVSS score of 10, so we've already patched and rebooted the DR AD servers and we've added the needed registry entries on the Production AD servers to mitigate this but we need to perform a service restart of the DNS service for this to take effect.

We will start the cycling of the DNS service on the Production AD servers at 11am CST and we don't expect there to be a service disruption during the service restart.

More information on the vulnerability can be found here: https://nvd.nist.gov/vuln/detail/CVE-2020-1350

Thanks,
The Progress MOVEit Cloud team
Posted Jul 16, 2020 - 10:22 CDT
This incident affected: North America - Cluster 1, North America - Cluster 2, and Europe - Cluster 1.