Progress Urges Immediate Shutdown of ShareFile Storage Zone Controllers

Progress Software has issued an urgent directive to ShareFile customers, instructing them to immediately shut down their Windows servers running Storage Zone Controllers. This action responds to a credible external security threat, as confirmed by the company.

In a precautionary move, Progress has temporarily disabled access to the affected accounts. The company is collaborating with internal and external security experts to address the situation. At this time, there is no evidence of unauthorized access to any ShareFile accounts or data. Customers were notified promptly upon the discovery of the threat.

The specific nature of the threat and the identity of potential perpetrators have not been disclosed. The directive became public when a customer shared the company’s email on Reddit’s r/sysadmin forum on July 10. Progress acknowledged the disruption on its status page, indicating that Storage Zone Controller customers are “not operational” and that the incident is under investigation as of a 12:12 p.m. EDT update.

It’s important to note that only the Storage Zone Controller is affected; standard cloud-only ShareFile accounts remain operational. The Storage Zone Controller allows companies to store files on their own infrastructure while utilizing ShareFile’s cloud services for sharing and management. Typically positioned at the network’s edge and accessible from the internet, these controllers are both functional and potential targets for attacks. The decision to advise a complete shutdown, rather than issuing a patch, suggests the absence of an immediate fix.

This precautionary measure indicates that Progress is actively working to identify and resolve the vulnerability. The company’s statement that no accounts or data were accessed does not rule out potential issues with the controllers themselves.

Recommended Actions for Customers

  1. Immediately follow the shutdown directive and keep the affected controllers offline until further guidance is provided by Progress.
  2. Ensure that your Storage Zone Controller is updated to version 5.12.4 or later on the 5.x line, or to a 6.x release. While this addresses previous vulnerabilities, it does not guarantee protection against the current threat.
  3. If your controller is accessible from the internet, initiate your incident-response protocol. Preserve logs and inspect for unfamiliar .aspx files in web folders and storage paths. A clean appearance does not confirm the absence of compromise.

ShareFile has encountered similar issues in the past. In 2023, while under Citrix ownership, attackers exploited an unauthenticated flaw in the Storage Zones Controller (CVE-2023-24489). The Cybersecurity and Infrastructure Security Agency (CISA) highlighted this as actively exploited, leading Citrix to disconnect unpatched controllers from the ShareFile cloud.

Since acquiring ShareFile in 2024, Progress has faced significant security challenges, including the 2023 MOVEit zero-day exploit by the Clop group, affecting over 2,700 organizations. Additionally, two critical flaws in the Storage Zones Controller were disclosed by watchTowr in April and patched by Progress in March. However, the current threat has not been linked to these previous vulnerabilities, and there are no reports of their exploitation.

In the broader context, this incident underscores the persistent vulnerabilities in enterprise file-sharing solutions. Organizations must remain vigilant, ensuring that all systems are regularly updated and that robust security protocols are in place. The swift response by Progress highlights the importance of proactive measures in mitigating potential threats. Customers should stay informed through official channels and await further instructions from Progress regarding the safe reactivation of their Storage Zone Controllers.