MOVEit Critical Vulnerability Resolved

We shared with you last week that a critical vulnerability in the web interface of the MOVEit file transfer application had been discovered that could lead to potential unauthorized access to that environment. We applied and validated a vendor-supplied patch on Sunday, June 4, 2023 that resolves the vulnerability. We have confirmed that there has been no compromise to client or Cenlar data.

What We Know

We were alerted to this vulnerability by the vendor at 2:01 p.m. ET Wednesday, May 31, 2023; it exists across the vendor’s system and is not exclusive to Cenlar. You can continue to use MOVEit for any automated file exchanges you may have with us through MOVEit (SFTP/FTPS). The vulnerability exists solely for manual actions on the HTTP/HTTPS web interface.

What We’ve Done

As a precaution, on the evening of May 31, Cenlar took action to whitelist IP addresses in order to restrict access to our MOVEit Transfer platform only to known clients whose IP addresses had been whitelisted for other externally facing web applications. We also installed additional security software on the MOVEit Transfer server. Together, this mitigated threats posed by the vulnerability in the short-term. As stated earlier, we applied and validated a vendor-supplied patch on Sunday, June 4, 2023 as a long-term resolution to the vulnerability.

Next Steps

Although the patch has been applied, we continue to: