Following the discovery and active exploitation of a critical SQL injection vulnerability in MOVEit Transfer (CVE-2023-34362), organizations must look beyond simply applying the patch. A patched server can still hold a web shell, stolen credentials, and exposed storage keys, so securing file transfer infrastructure requires a rigorous approach to containment, credential hygiene, and architectural hardening to prevent re-compromise or lateral movement.
We are sharing this in-depth guide from Mandiant Consulting, which details the specific technical steps required to isolate impacted servers, rotate compromised secrets, and harden the underlying Windows and Azure infrastructure against future attacks.
What You Will Learn: This white paper provides a step-by-step playbook for securing your MOVEit environment, including:
- Containment & Credential Rotation: Procedures for clearing active sessions and rotating critical secrets, including local application credentials, Service Account passwords, and Azure Storage Account access keys.
- Azure Storage Hardening: Best practices for securing Azure Blob storage by disabling unrestricted network access, enforcing Azure AD authorization over Shared Keys, and configuring alerts for anonymous requests.
- Preventing Lateral Movement: Strategies to reduce the "blast radius" of a compromise, including the implementation of a Tiered Administration Model (Tier 0/1/2) and specific GPO settings that restrict the channels lateral movement relies on, such as PsExec-style remote service creation, RDP, and WinRM.
- IIS & Web Server Hardening: Technical instructions for disabling weak protocols (TLS 1.0/1.1), marking session cookies Secure and HttpOnly, and enabling IIS Enhanced Logging to record the X-Forwarded-For header so the real client IP, rather than the load balancer's, appears in the logs.
- Forensic Hunting: A guide to identifying indicators of compromise, such as the human2.aspx web shell in the web root, the X-siLock-Comment request header used in the SQL injection exploit chain, and unexpected MOVEit user accounts named "Health Check Service".
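As an added illustration of the Azure Storage hardening and key rotation items above (this is not the white paper's own script), the following PowerShell uses the Az module to lock down a storage account that backs a MOVEit deployment. The resource group, account name and allowed IP are placeholders; it assumes you have already run Connect-AzAccount with rights on the account.

```powershell
# Added example, not from the white paper. Requires Az.Accounts and Az.Storage;
# sign in first with Connect-AzAccount. All names below are placeholders.
$rg   = 'rg-moveit'          # placeholder resource group
$acct = 'stmoveitfiles'      # placeholder storage account name
$ip   = '203.0.113.10'       # placeholder: public IP the MOVEit server egresses from

# 1. Rotate the Shared Keys. Rotate key1, repoint the application (if it still uses
#    a key), then rotate key2, so nothing is left using a key the attacker may hold.
New-AzStorageAccountKey -ResourceGroupName $rg -Name $acct -KeyName key1 | Out-Null
New-AzStorageAccountKey -ResourceGroupName $rg -Name $acct -KeyName key2 | Out-Null

# 2. Replace unrestricted network access with deny-by-default plus an explicit
#    allow for the MOVEit host. Trusted Azure services (e.g. Monitor) stay bypassed.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $acct `
    -DefaultAction Deny -Bypass AzureServices | Out-Null
Add-AzStorageAccountNetworkRule -ResourceGroupName $rg -Name $acct -IPAddressOrRange $ip | Out-Null

# 3. Block anonymous blob reads and turn off Shared Key authorization so only
#    Azure AD identities (RBAC) can reach the data. Only flip AllowSharedKeyAccess
#    once the application authenticates with a managed identity or service
#    principal; with a key-based integration this step breaks file storage.
Set-AzStorageAccount -ResourceGroupName $rg -Name $acct `
    -AllowBlobPublicAccess $false -AllowSharedKeyAccess $false | Out-Null

# 4. Read back the effective settings so the change is verifiable, not assumed.
$sa = Get-AzStorageAccount -ResourceGroupName $rg -Name $acct
[pscustomobject]@{
    DefaultAction         = $sa.NetworkRuleSet.DefaultAction
    AllowedIPs            = ($sa.NetworkRuleSet.IpRules.IPAddressOrRange -join ',')
    AllowBlobPublicAccess = $sa.AllowBlobPublicAccess
    AllowSharedKeyAccess  = $sa.AllowSharedKeyAccess
}
```

For the "alert on anonymous requests" item, the account's Transactions metric in Azure Monitor carries an Authentication dimension; an alert rule on that metric filtered to Authentication = Anonymous fires on exactly the requests the settings above are meant to make impossible, which is a useful tripwire for configuration drift.

As an added example for the IIS hardening item (again not the white paper's script), this PowerShell applies the three changes on the MOVEit Transfer web server. The site name is a placeholder; the SCHANNEL change needs a reboot, and the X-Forwarded-For field is only trustworthy when a proxy you control sets it.

```powershell
# Added example, not from the white paper. Run elevated on the IIS host.
# 'moveitdmz' is a placeholder site name; check Get-Website for yours.
Import-Module WebAdministration
$site = 'IIS:\Sites\moveitdmz'

# 1. Disable TLS 1.0 and 1.1 on the server side via SCHANNEL registry keys.
#    Both values are needed: Enabled=0 turns the protocol off, DisabledByDefault=1
#    stops it being negotiated by callers that do not set a protocol explicitly.
foreach ($proto in 'TLS 1.0', 'TLS 1.1') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$proto\Server"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
}

# 2. Session cookies: Secure (never sent over plain HTTP) and HttpOnly (not readable
#    from script), set in the site's system.web/httpCookies section.
Set-WebConfigurationProperty -PSPath $site -Filter 'system.web/httpCookies' -Name 'requireSSL' -Value 'True'
Set-WebConfigurationProperty -PSPath $site -Filter 'system.web/httpCookies' -Name 'httpOnlyCookies' -Value 'True'

# 3. Enhanced Logging: add X-Forwarded-For as a custom W3C field so the originating
#    client IP behind a load balancer is recorded alongside c-ip (the proxy's address).
#    An attacker can set this header too, so treat it as evidence, not as identity,
#    unless the proxy in front overwrites it.
Add-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.applicationHost/sites/siteDefaults/logFile/customFields' -Name '.' `
    -Value @{ logFieldName = 'X-Forwarded-For'; sourceName = 'X-Forwarded-For'; sourceType = 'RequestHeader' }

# Verify the cookie settings took effect for the site.
Get-WebConfigurationProperty -PSPath $site -Filter 'system.web/httpCookies' -Name 'requireSSL','httpOnlyCookies'
```

Finally, as an added hunting example for the forensic item (constructed for this page, not one of the white paper's queries), the function below scans IIS W3C logs and any other text logs for requests to human2.aspx and for the X-siLock-Comment string, using the log's own #Fields header to label the client IP and URI of each hit. The sample log lines are constructed, and the MOVEit paths at the end are defaults that may differ in your deployment.

```powershell
# Added example, constructed for illustration; not the white paper's hunting query.
function Find-MoveitIoc {
    param(
        [Parameter(Mandatory)][string[]]$Path,                    # log files or directories
        [string[]]$Pattern = @('human2\.aspx', 'X-siLock-Comment')  # regexes to hunt for
    )
    foreach ($file in Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue) {
        $fields = $null
        $n = 0
        foreach ($line in [System.IO.File]::ReadLines($file.FullName)) {
            $n++
            # IIS W3C logs declare their column layout in a '#Fields:' header line.
            if ($line.StartsWith('#Fields: ')) { $fields = $line.Substring(9).Split(' '); continue }
            if ($line.StartsWith('#')) { continue }
            $hit = $Pattern | Where-Object { $line -match $_ } | Select-Object -First 1
            if (-not $hit) { continue }
            $rec = [ordered]@{ File = $file.FullName; Line = $n; Pattern = $hit }
            if ($fields) {
                # Map the W3C columns so client IP, URI and status are readable at a glance.
                $cols = $line.Split(' ')
                foreach ($name in 'date', 'time', 'c-ip', 'cs-method', 'cs-uri-stem', 'cs-uri-query', 'sc-status') {
                    $i = [array]::IndexOf($fields, $name)
                    if ($i -ge 0 -and $i -lt $cols.Count) { $rec[$name] = $cols[$i] }
                }
            } else {
                $rec['Text'] = $line   # non-W3C log: keep the raw line
            }
            [pscustomobject]$rec
        }
    }
}

# Self-contained demo on constructed log lines (not real traffic). Expect one hit:
# the GET /human2.aspx from 198.51.100.23; the ordinary API call is ignored.
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'u_ex230601.log'
@'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2023-06-01 03:14:07 10.0.0.5 GET /human2.aspx - 443 - 198.51.100.23 - 200
2023-06-01 03:15:22 10.0.0.5 GET /api/v1/folders - 443 alice 192.0.2.7 - 200
'@ | Set-Content -Path $tmp
Find-MoveitIoc -Path $tmp | Format-Table -AutoSize
Remove-Item $tmp

# Real hunt (default paths; adjust to your install): IIS logs, MOVEit's own logs,
# and the web root for the dropped shell file itself.
# Find-MoveitIoc -Path 'C:\inetpub\logs\LogFiles', 'C:\MOVEitTransfer\Logs'
# Get-ChildItem 'C:\MOVEitTransfer\wwwroot' -Filter 'human2.aspx' -Recurse
```

Two caveats when running this for real: the X-siLock-Comment header is not written to IIS W3C logs unless Enhanced Logging captured it, so it is more likely to surface in MOVEit's application logs or database exports than in u_ex*.log files; and the "Health Check Service" account is a MOVEit application user, visible in the MOVEit admin interface and users table, not a Windows account, so it is outside what this file-and-log scan can detect.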
Download the Full White Paper

Whether you are responding to an incident or proactively hardening your file transfer capabilities, this guide offers the granular configurations needed to secure your environment. Download "MOVEit Transfer: Containment and Hardening Guide" for the complete checklist of remediation scripts and hunting queries.