What happened (quick and slightly panicked edition)

Progress has told customers running ShareFile Storage Zone Controllers on Windows to take those servers offline immediately. The company says it’s reacting to a “credible external security threat” and has temporarily limited access to affected accounts while outside and internal security teams dig into the mess. They claim there’s no sign user data was accessed, but they haven’t explained what the threat actually is or who’s behind it — which, yes, is exactly the sort of cliffhanger nobody wants.

This only applies to self-hosted Storage Zone Controllers, not cloud-only ShareFile users. For those who don’t know: a Storage Zone Controller is a customer-run server that keeps files on your hardware while still letting ShareFile handle sharing and management. Because it usually sits on the network edge and is reachable from the internet, it’s super handy — and, unfortunately, an attractive target.

What to do now (practical steps, no drama)

If you run a controller, think of this as an urgent public-safety announcement from your inner IT parent: follow the instructions and keep the affected machines offline until Progress gives the all-clear. The choice to order a full offline shutdown — rather than a simple patch request — usually means there isn’t a quick fix yet.

  • Follow the shutdown order first. Don’t be that person who reboots to “see if it works.” Wait for official guidance.
  • Check your version. If your controller is on the 5.x line, verify it’s 5.12.4 or later; otherwise, be on a 6.x release. Those versions close older holes, but they might not block this new threat — so don’t use that as an excuse to restart yet.
  • Treat any internet-reachable controller as a potential compromise. Start your incident response process, and make sure you preserve logs — don’t reboot or delete anything that could be forensic gold.
  • Look for suspicious files. Check web folders and storage paths for unfamiliar .aspx files or things you didn’t put there. A server that looks clean isn’t proof it’s clean.
  • Keep an eye on communications from Progress. They’re working with outside experts; when they say it’s OK to come back online, that’s your green light.

History lesson (because patterns repeat): similar controllers were exploited in the past by an unauthenticated vulnerability, and other file-transfer platforms have been hit hard by zero-days and mass data thefts in recent years. Progress acquired ShareFile in 2024 and has had to respond to big incidents before, so this isn’t brand-new territory — but it’s still serious.

Bottom line: don’t panic, but don’t be casual. Keep the controllers offline, preserve evidence, verify software versions, and wait for official remediation instructions before bringing anything back online.