Literally yesterday we wrote that hackers are actively exploiting a zero-day vulnerability found in the GoAnywhere MFT corporate file transfer service. Already today, Fortra has released an emergency patch for its product.

The vulnerability can only be applied to software instances whose administrative panel can be accessed from the Internet. Scanning Shodan showed that there are a little more than a thousand such copies all over the Internet.

Over the weekend, the company informed its customers that the vulnerability exists and is actively exploited in hacker attacks. Fortra has provided indicators of compromise for potentially affected clients, including a specific stack trace that will show up in logs on compromised systems.

“We recommend that you apply the fix as soon as possible to fully resolve the identified issue. We consider this an urgent matter, especially for customers using the web-based administration portal,” says Fortra.

On Monday, security researcher Florian Hauser of IT security consulting firm Code White also released PoC– an exploit that can be used to remotely execute code on insecure GoAnywhere MFT servers.

“Verify that all credentials have been revoked from external systems and check the relevant access logs associated with those systems. This also includes the passwords and keys used to encrypt files on the system,” Fortra warned its customers.

It is very commendable that the company reacted so quickly and released a fix for the vulnerability. This says a lot about Fortra’s attitude towards its customers. Now it’s up to administrators of organizations who need to apply the released update as a matter of urgency.