News

Progress Software Orders Shutdown of ShareFile Servers Amid Security Threat

Progress Software has instructed ShareFile customers to shut down Windows servers running Storage Zone Controllers due to a credible security threat.

Progress Software has taken proactive measures to mitigate a security threat affecting ShareFile servers, though the exact nature of the threat remains undisclosed. Customers have been advised to keep servers offline until further notice.

Progress Software Orders Shutdown of ShareFile Servers Amid Security Threat

Progress Software has instructed ShareFile customers to shut down the Windows servers running their Storage Zone Controllers in response to a "credible external security threat." The company confirmed the threat to The Hacker News and has temporarily disabled access to affected accounts as a precautionary measure while working with internal and external security experts.

Key Details

  • Impact: Only the Storage Zone Controller is affected, not standard cloud-only ShareFile accounts. The controller is a server that companies run themselves to keep files on their own storage while using ShareFile's cloud for sharing and management.
  • Timeline: The order became public on July 10 when a customer shared the company's email on Reddit's r/sysadmin. Progress confirmed the disruption on its status page, listing Storage Zone Controller customers as "not operational" and the incident as under investigation.
  • Mitigation Steps: Progress has advised customers to keep the affected controllers offline until the threat is resolved. It has also recommended ensuring servers are updated to the latest version (5.12.4 or later on the 5.x line, or a 6.x release), though this does not guarantee protection against the current threat.

Unanswered Questions

Progress has not disclosed the nature of the threat or who is behind it. The company's statement that no accounts or data were accessed is carefully worded and does not rule out potential issues on the controllers themselves. The shutdown order suggests that no fix is currently available, indicating either a newly discovered flaw or a threat that cannot be patched, such as stolen keys or an internal problem.

Historical Context

ShareFile has faced security challenges in the past. In 2023, while owned by Citrix, attackers exploited an unauthenticated flaw in the Storage Zone Controller (CVE-2023-24489), leading to a similar access block. Progress, which acquired ShareFile in 2024, also dealt with a mass file-transfer attack on its MOVEit product in 2023, exploited by the Clop group.

Recommendations for Customers

  • Follow the Shutdown Order: Keep affected controllers offline until Progress provides further guidance.
  • Update Servers: Ensure servers are running the latest version, though this does not clear the current threat.
  • Incident Response: If a controller is internet-accessible, treat it as a potential incident. Preserve logs, initiate incident-response processes, and check for unfamiliar .aspx files in web folders and storage paths.

The central question remains unanswered: Progress has not yet identified the threat or provided a timeline for when customers can safely restart their servers.