Sign In with your
Trend Micro Account

若您需要技術支援,請 按此建立案件。

SECURITY ALERT: Multiple Vulnerabilities in MOVEit Transfer

    • 更新於:
    • 20 Jun 2023
    • 產品/版本:
    • 作業系統:
Updated 6/19: Updated CVE information added

Several noteworthy vulnerabilities have been reported on and publicly disclosed by Progress on their MOVEit Transfer secure managed file transfer solution in the past several weeks, including the latest on June 15, 2023, which is a purported SQL injection 0-day vulnerability.  

It has also been reported that a major ransomware group has taken advantage of some of the vulnerabilities against high profile targets.

Trend Micro is closely monitoring these threats and will continue to update this article with information on detection, protection and investigation as it becomes available.

Trend Micro Protection and Detection Against Exploitation

To date, there are at least three known vulnerabilities that have been recently disclosed:  

Using Trend Micro Products for Investigation

The following highlights several post-exploitation detections and remediation technology that can be used by customers to investigate and help with potential remediation in a customer’s environment.

Trend Vision One™

Trend Vision One customers benefit from attack surface risk management and XDR capabilities of the overall platform, fed by products such as Trend Micro Apex One, allowing existing customers to stay up to date on the latest information on these vulnerabilities. Leveraging the Risk Insights family of apps, customers can scan for, and identify impacted assets, and stay up to date on latest mitigation steps, including how to use Trend products to detect and defend against exploitation.

Executive Dashboard

An updated Zero Day Vulnerability page in the Trend Vision One Executive Dashboard has been launched to provide a lot of relevant information in one area for Trend Vision One users.


Curated Intelligence Reports

Updated Curated Intelligence Reports in Trend Vision One for this campaign has been added that will automatically conduct some endpoint activity sweeping for XDR customers that have this enabled.


Campaign Intelligence

Related ransomware campaign information on the Clop ransomware associated with these vulnerabilities has also been updated in Trend Vision One.



Mitigations, Trend Micro Protection, and Detection Against Exploitation

First and foremost, it is always highly recommended that users apply the vendor's patches when they become available and is feasible. Progress has released updated patches for at least two of the vulnerabilities and continues to update information regarding the recently released one.

In addition to the vendor patches, Trend Micro does have some supplementary detection/protection patterns that may help provide additional protection against further potential exploits. 
Preventative Rules, Filters & Detection

Trend Micro Cloud One - Workload Security & Deep Security IPS Rules

  • 1011774 - MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362)

In addition, Trend Micro has three generic rules which are believed to be able to provide some protection against the new SQLi 0-day:
  • 1006193 - Generic SQL Injection Protection - 3
  • 1000608 - Generic SQL Injection Protection
  • 1005613 - Generic SQL Injection Protection - 2

Trend Micro Cloud One - Network Security & TippingPoint Protection Filters

  • 42808: HTTP: MOVEit Transfer SQL Injection Vulnerability
  • 42811: HTTP: MOVEit Transfer MOVEitISAPI.dll Endpoint Access 

Trend Micro Deep Discovery Inspector
  • 4856: CVE-2023-34362 - MOVEit SQL Injection Exploit - HTTP (Request)
  • 4854: Silock Webshell - HTTP(Request) (CVE-2023-34362)

FileScan Detections for the malicious payload (human2.aspx backdoor in reports and the DLL backdoor dropper)

  • Backdoor.ASP.SILOCK.A

Behavior Monitoring Policies related to the creation of the malicious payload (human2.aspx backdoor in reports)

  • 5276T

Trend Micro Malware Detection Patterns (VSAPI, Predictive Learning, Behavioral Monitoring and WRS) for Endpoint, Servers, Mail & Gateway (e.g. Apex One, Worry-Free Business Security Services, Worry-Free Business Security Standard/Advanced, Deep Security w/Anti-malware, etc.)

Some relevant information can be found in the following articles:
Trend Micro will continue to monitor and update this article with more information as it becomes available.
Remove a Malware / Virus



若您需要協助,請聯繫對應的技術支援窗口. 聯絡我們

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.