A fix has been implemented and we are monitoring the results.
Posted Jun 09, 2023 - 10:39 CDT
Update
All MOVEit Cloud servers have been fully patched and all testing has passed.
Posted Jun 09, 2023 - 10:38 CDT
Investigating
You may notice minor interruptions in service during upgrade.
The investigation into the previously reported MOVEit Transfer vulnerability (CVE-2023-34362) is ongoing. In addition to that investigation, as an added layer of protection to our customers, we are partnering with third-party cybersecurity experts to conduct further detailed code reviews. As part of these code reviews, cybersecurity firm Huntress has helped us to uncover additional vulnerabilities that could potentially be used by a bad actor to stage an exploit. These newly discovered vulnerabilities only impact MOVEit Transfer and MOVEit Cloud and are distinct from the previously reported vulnerability (CVE-2023-34362) that we shared on May 31, 2023. The investigation is ongoing, but currently, we have not seen indications that these newly discovered vulnerabilities have been exploited.
We took immediate action and we have developed, tested and are deploying a new patch to all MOVEit Cloud clusters to address the new vulnerabilities.
This incident affected: North America - Cluster 1, North America - Cluster 2, North America - Cluster 3, Europe - Cluster 1, Australia - Cluster 1, and UK Cluster 1.