In an alarming development for its enterprise clients, Progress Software has issued an urgent directive instructing ShareFile customers to immediately power down the Windows servers hosting their Storage Zone Controllers. This drastic measure comes in response to what the company describes as a “credible external security threat,” as confirmed to The Hacker News.
The move underscores a significant and potentially widespread cybersecurity incident, prompting Progress to temporarily disable access to affected accounts. This step, taken “out of an abundance of caution,” allows the company to collaborate with internal and external security experts to investigate the nature and scope of the threat. While Progress maintains there’s currently no indication of unauthorized access to ShareFile accounts or data, the lack of specific details regarding the threat’s origin or nature has left many customers on edge.
The Unfolding Crisis: Why a Full Shutdown?
The security alert first surfaced publicly on July 10, when a customer shared Progress’s internal email on Reddit’s r/sysadmin forum. Progress later corroborated the disruption on its official status page, marking Storage Zone Controller customers as “not operational” and confirming an ongoing investigation.
Crucially, this incident specifically targets the Storage Zone Controller—a self-managed server component that allows organizations to keep files on their own storage infrastructure while leveraging ShareFile’s cloud for sharing and management. These controllers typically reside at the network’s edge, making them internet-accessible and, consequently, prime targets for attackers. Standard cloud-only ShareFile accounts remain unaffected.
A Drastic Measure: More Than Just a Patch
The decision to order a complete shutdown, rather than simply issuing a patch, is highly significant. It strongly suggests that a conventional fix for the underlying vulnerability is not yet available. This scenario often points to a newly discovered zero-day flaw that Progress is racing to mitigate. Alternatively, it could indicate a threat that patching alone cannot resolve, such as compromised cryptographic keys or an issue within Progress’s own infrastructure. The careful wording that “no accounts or data were accessed” also leaves open the possibility of issues directly on the controllers themselves.
Immediate Actions for ShareFile Customers
For affected organizations, the priority is clear: adherence to Progress’s shutdown order. Keep all Storage Zone Controllers offline until Progress provides explicit guidance on the threat and confirms it is safe to reactivate them.
Beyond the Shutdown: Essential Security Checks
- Version Verification: Ensure your Storage Zone Controller is running version 5.12.4 or later (on the 5.x line) or any 6.x release. While these versions address previous flaws, Progress has not confirmed they mitigate the current threat, so this is not a green light for restarting.
- Incident Response Activation: If your controller was internet-accessible, treat this as a potential incident. Initiate your organization’s incident-response protocols immediately.
- Forensic Analysis: Preserve all logs. Scrutinize web folders and storage paths for any unfamiliar .aspx files or unauthorized configurations. A server that appears clean on the surface may still be compromised.
A Troubling Pattern: Past Vulnerabilities
This isn’t the first time ShareFile’s Storage Zone Controllers have been at the center of a security storm. In 2023, when the product was still under Citrix, attackers actively exploited an unauthenticated flaw (CVE-2023-24489) in the same component. CISA subsequently flagged this vulnerability, leading Citrix to sever unpatched controllers from its cloud—a precedent for the access block Progress has now implemented.
Progress Software itself is no stranger to high-profile cyberattacks. In 2023, its MOVEit file-transfer product was targeted by the Clop ransomware group, exploiting a zero-day vulnerability that impacted over 2,700 organizations globally. Furthermore, the Storage Zones Controller had two critical flaws disclosed by watchTowr in April and patched by Progress in March, though the company has not linked these to the current threat, nor have they been reported as exploited.
The Unanswered Questions Persist
As Progress Software works with external experts, the cybersecurity community and affected customers await crucial answers. The central questions remain: What is the specific nature of this “credible external security threat,” and when will it be safe for organizations to bring their critical Storage Zone Controllers back online? Until then, caution remains the paramount directive.
For more details, visit our website.
Source: Link









Leave a comment