Progress Software has instructed customers to immediately disconnect internet-facing ShareFile Storage Zone servers from their networks. The company cited an undisclosed "credible security threat" under active investigation, delivering the severe directive in an email on July 10.

As reported by Security Affairs, the urgent notice carried the subject line "Service Disruption. Immediate Action Required." Organizations running their own Storage Zone controllers—the components that create local data caches for a hybrid deployment model—were told to take those systems offline immediately.

The specific instruction to physically disconnect servers, rather than apply a patch or a configuration change, strongly indicates a vulnerability of critical severity for which standard mitigations like firewall rules are presumed ineffective. This measure prioritizes security over business continuity, creating significant operational disruption for development teams and IT operations reliant on Storage Zones for low-latency file access.

This incident follows a high-profile security event for Progress Software: the critical MOVEit Transfer zero-day vulnerability exploited in widespread ransomware attacks in 2023. While the company has stated this is a separate issue affecting a different product line, the succession of high-severity vulnerabilities raises ongoing scrutiny over security practices across its portfolio.

Progress Software is investigating the flaw but has not yet disclosed technical specifics, attack vectors, or a timeline for a formal patch. This leaves administrators with immediate operational challenges and no clear guidance for safely reconnecting systems. For now, the company's message is unequivocal: the risk of a potential compromise outweighs the certainty of a service outage, requiring customers to power down public-facing servers until further remediation advice is provided.


Progress Software 已指示客戶立即將面向互聯網的 ShareFile Storage Zone 伺服器從其網絡中斷開連接。該公司表示正調查一項未披露的「可信安全威脅」,並於7月10日透過電郵發出了這項嚴重的指令。

如 Security Affairs 所報導,這項緊急通告的主題為「服務中斷。需立即採取行動」。使用自有 Storage Zone 控制器(即為混合部署模式建立本地數據快取的組件)的組織被告知需立即將這些系統離線。

要求物理斷開伺服器連接,而非套用 patch 或設定變更的具體指示,強烈表明存在嚴重程度極高的漏洞,而像防火牆規則之類的標準緩解措施被認為無效。此措施優先考慮安全性而非業務連續性,對依賴 Storage Zone 進行低延遲文件存取的開發團隊和 IT 運營造成了重大營運中斷。

此次事件發生在 Progress Software 之前一宗備受關注的安全事件之後:其 MOVEit Transfer 產品中一個嚴重的零日漏洞在2023年廣泛的勒索軟件攻擊中被利用。儘管該公司表示這是影響不同產品線的獨立問題,但接連發生的高嚴重性漏洞持續引發對其整體產品組合安全實踐的審視。

Progress Software 正在調查該漏洞,但尚未披露具體技術細節、攻擊向量或正式 patch 的時間表。這使得管理員面臨即時的營運挑戰,且缺乏重新安全連接系統的明確指導。目前,該公司的訊息明確無誤:潛在入侵的風險高於服務中斷的必然性,要求客戶在獲得進一步補救建議前關閉公開訪問的伺服器。

新聞來源 / Original News Source