On June 1, 2023, NHS published a critical vulnerability bulletin focused on the Progress MOVEit File Transfer (MFT) product.

Progress discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment.

BleepingComputer reported the vulnerability is actively being exploited by threat actors.

As a patch is currently unavailable, Progress has released mitigations that MOVEit admins can use to secure their installations.

Security recommendations and guidance from Progress to mitigate the vulnerability are available here.

If you are a MOVEit Transfer customer, it is extremely important that you take immediate action to help protect your MOVEit Transfer environment, while the Progress team produces a patch.

The vulnerability in MOVEit Transfer is especially concerning as the vulnerability could be used in the exfiltration of large datasets prior to extortion by threat actors seeking to monetize the exploit.

To help prevent unauthorized access to your MOVEit Transfer environment, Progress strongly recommends that you immediately apply the following mitigation measures.


Step 1:

Disable all HTTP and HTTPs traffic to your MOVEit Transfer environment. More specifically:

  • Modify firewall rules to deny HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443. If you require additional support, please immediately contact Progress Technical Support by opening a case via
  • It is important to note, that until HTTP and HTTPS traffic is enabled again:
  • Users will not be able to log on to the MOVEit Transfer web UI
  • MOVEit Automation tasks that use the native MOVEit Transfer host will not work
  • REST, Java and .NET APIs will not work
  • MOVEit Transfer add-in for Outlook will not work
  • Please note: SFTP and FTP/s protocols will continue to work as normal


As a workaround, administrators will still be able to access MOVEit Transfer by using a remote desktop to access the Windows machine and then accessing https://localhost/.  For more information on localhost connections, please refer to MOVEit Transfer Help:


Step 2:

Check for the following potential indicators of unauthorized access over at least the past 30 days:

  • Creation of unexpected files in the c:\MOVEit Transfer\wwwroot\ folder on all your MOVEit Transfer instances (including back-ups)
  • Unexpected and/or large file downloads


If you do notice any of the indicators noted above, please immediately contact your security and IT teams and open a ticket with Progress Technical Support at:


Step 3:

Patches for all supported MOVEit Transfer versions are being tested and links will be made available below as they are ready. Supported versions are listed at the following link:

Affected Version

Fixed Version


MOVEit Transfer 2023.0.0

MOVEit Transfer 2022.1.x

MOVEit Transfer 2022.0.x

MOVEit Transfer 2021.1.x


NHSHelp Net SecurityProgressBleeping Computer




Alert ID 2bfc1d4b



Translate »