Progress Software has instructed ShareFile customers to immediately shut down Windows servers running Storage Zone Controllers after identifying a credible external security threat. The company temporarily disabled access to affected accounts as a precautionary measure while investigating the incident with internal and external security teams.
Storage Zone Controllers serve as on-premises repositories that sync encrypted files to Progress's cloud infrastructure. Customers using these controllers face potential exposure if the threat exploits vulnerabilities in the on-premises deployment model. Progress has not disclosed the specific nature of the threat, the number of affected customers, or whether any unauthorized access occurred.
This incident highlights risks inherent in hybrid cloud architectures where organizations maintain local control of sensitive data repositories while relying on vendor infrastructure. Storage Zone Controller compromises could expose customer files, authentication credentials, and integration keys used to communicate between on-premises and cloud environments.
Organizations running ShareFile Storage Zone Controllers should follow Progress's guidance immediately. The shutdown prevents potential lateral movement or data exfiltration through compromised servers. Customers should also review access logs for suspicious activity and prepare to validate the integrity of stored files once Progress releases remediation steps.
Progress has not announced a timeline for restoring full functionality. The company typically addresses security incidents methodically to prevent incomplete patches that threat actors can exploit. Customers dependent on ShareFile for document management and collaboration will experience service disruptions until the threat is fully resolved.
This incident reinforces the importance of monitoring vendor security advisories closely, maintaining offline backups of critical files, and implementing network segmentation to contain compromises. Organizations should also document their incident response procedures now, before relying on them during actual outages.
