Progress Software Urges ShareFile Customers to Shut Down On-Premise Storage Controllers Amid 'Credible External Security Threat'
**Progress Software** has issued an urgent directive to **ShareFile** customers, instructing them to immediately shut down Windows servers running their Storage Zone Controllers. The company confirms it is responding to a "credible external security threat," temporarily disabling access to affected accounts as it investigates with internal and external security experts. While no unauthorized access to **ShareFile** accounts or data has been indicated, the severity of the shutdown order suggests a significant, unpatched vulnerability.
Enterprise security firm **Progress Software** has taken the drastic step of advising **ShareFile** customers to power down their Windows servers hosting Storage Zone Controllers. This move comes in response to what the company describes as a "credible external security threat."

**Progress Software** confirmed to The Hacker News that it is actively addressing the situation, temporarily disabling access to affected accounts as a precautionary measure. The company states it is collaborating with internal and external security experts to understand and mitigate the threat. Crucially, **Progress** has not yet reported any unauthorized access to **ShareFile** accounts or data, but the immediate shutdown order points to a severe, potentially zero-day vulnerability.
The directive first became public when a customer shared **Progress Software**'s email on Reddit's r/sysadmin on July 10. The company subsequently confirmed the disruption on its status page, listing Storage Zone Controller customers as "not operational" and the incident under investigation as of a 12:12 p.m. EDT update.
### Understanding the Impact
Only customers utilizing the Storage Zone Controller are affected, not standard cloud-only **ShareFile** accounts. The Storage Zone Controller is a self-hosted server that allows organizations to keep their files on their own storage while leveraging **ShareFile**'s cloud for sharing and management. These controllers often reside at the network's edge, making them internet-accessible and, consequently, prime targets for attackers.
The instruction to take these systems completely offline, rather than simply apply a patch, is a significant indicator. This suggests that a readily available fix does not yet exist, implying a newly discovered flaw that **Progress Software** is racing to address. It could also point to a threat that patching alone cannot resolve, such as compromised keys or an issue on **Progress**'s own infrastructure.
**Progress Software**'s careful wording that "no accounts or data were accessed" does not preclude potential issues on the controllers themselves.

### Immediate Actions for Affected Customers
IT security professionals and privacy-conscious users managing **ShareFile** Storage Zone Controllers should take the following steps:
1. **Prioritize Shutdown:** Adhere strictly to the shutdown order. Keep affected controllers offline until **Progress Software** provides clear guidance on the threat and a safe restart procedure.
2. **Verify Version:** Independently confirm that your Storage Zone Controller is running version **5.12.4** or later (for the 5.x line) or any 6.x release. While these versions address previous flaws, **Progress Software** has not confirmed if they mitigate the current threat, so do not interpret this as permission to restart.
3. **Incident Response Protocol:** If a controller was internet-accessible, treat it as a potential incident. Preserve all logs, initiate your organization's incident response process, and thoroughly check for unfamiliar `.aspx` files in web folders and unconfigured storage paths. A server appearing clean is not definitive proof of its integrity.
### A History of Vulnerabilities
This is not the first time **ShareFile** has faced critical security challenges. In 2023, when the product was still under **Citrix** (prior to **Progress Software**'s 2024 acquisition), attackers exploited an unauthenticated flaw in the same Storage Zones Controller (**CVE-2023-24489**).
The **CISA** (Cybersecurity and Infrastructure Security Agency) subsequently flagged **CVE-2023-24489** as actively exploited, leading **Citrix** to cut unpatched controllers off from the **ShareFile** cloud β a similar access block to what **Progress Software** has now imposed.
**Progress Software** itself has a recent history with significant security incidents, notably the **MOVEit** zero-day exploit in 2023, which was leveraged by the **Clop** ransomware group and impacted over 2,700 organizations.
Furthermore, the Storage Zones Controller had two critical flaws disclosed by **watchTowr** in April and patched by **Progress Software** in March. However, the company has not linked the current threat to these specific vulnerabilities, and neither has been reported as actively exploited.
The central question remains: What is the nature of this credible threat, and when will it be safe for customers to bring their **ShareFile** Storage Zone Controllers back online? The cybersecurity community awaits further details from **Progress Software**.