MOVEit had three vulnerabilities - so far. Once the first one was discovered, people looked hard and found more. Third MOVEit bug fixed a day after PoC exploit made public It's a common pattern. Meanwhile, here in the UK many government IT system use out-of-support software, with known unpatchable vulnerabilities: ‘It could be taken down by an enthusiastic child’: Whitehall wide open to cyber-attack, warn campaigners Some of that is scaremongering; the enthusiastic child would have to gain phyical or remote access though firewalls, but the general point is valid.
|