WS_FTP AHT Deserialization RCE (CVE-2023-40044)
Description
WS_FTP Ad Hoc Transfer (AHT) is an IIS-based file transfer module that contains a critical .NET deserialization vulnerability. The application improperly deserializes untrusted user-supplied data using unsafe methods, allowing attackers to instantiate arbitrary objects. This vulnerability affects the WS_FTP Server's Ad Hoc Transfer module and can be exploited remotely without authentication.
Remediation
Apply security patches immediately by upgrading WS_FTP Server to version 8.7.4 or 8.8.2 (or later) as provided by Progress Software. Follow these steps:
1. Identify affected systems: Locate all WS_FTP Server installations with the Ad Hoc Transfer module enabled
2. Download patches: Obtain the latest version from the Progress Community portal
3. Test in non-production: Verify the update in a staging environment before production deployment
4. Apply updates: Install the patched version following Progress Software's upgrade documentation
5. Verify remediation: Confirm the version number post-upgrade and test functionality
6. Monitor for exploitation: Review IIS logs for suspicious POST requests to Ad Hoc Transfer endpoints
If immediate patching is not possible, consider temporarily disabling the Ad Hoc Transfer module or implementing network-level access controls to restrict access to trusted IP addresses only.