.webp)
Citrix addresses new security flaws in Virtual Apps and Desktop solutions, urging immediate updates to prevent potential exploits.
Citrix has recently been informed of new security vulnerabilities affecting its Virtual Apps and Desktop solutions, which could lead to unauthenticated remote code execution (RCE). These vulnerabilities were discovered by cybersecurity researchers at watchTowr, which are issues within the Session Recording component of Citrix. The Session Recording component allows system administrators to record user activity, such as keyboard and mouse input, alongside a video stream of the desktop for compliance, audit, and troubleshooting purposes.
The vulnerabilities are tied to an exposed, weakly permissioned instance of MSMQ, and they allow the exploitation of BinaryFormatter for unauthenticated RCE over HTTP. The issues have been categorized as CVE-2024-8068 and CVE-2024-8069, with each scoring 5.1 in CVSS. The flaws can cause privilege escalation or limited remote code execution using the access granted by the NetworkService Account. However, Citrix clarified that exploitation requires an attacker to be an authenticated user on the same Windows Active Directory domain as the session recording server and within the same intranet.
Citrix has released patches for all the affected versions, which are Citrix Virtual Apps and Desktops versions before hotfix 24.5.200.8 (2407), CU9 hotfix 19.12.9100.6 (1912 LTSR), CU5 hotfix 22.03.5100.11 (2203 LTSR), and CU1 hotfix 24.02.1200.16 (2402 LTSR). The company stresses that businesses must update their systems as soon as possible to avert potential exploits, though it is said to require authentication in order to be exploited.
Also, Microsoft has long recommended avoiding BinaryFormatter since it is known to be dangerous when deserializing untrusted input. Even though Citrix had downplayed this as a medium priority threat, the Shadowserver Foundation says they have detected exploitation attempts against the vulnerability. So, there is an urgency to update such organizations using virtual desktop solutions provided by Citrix.
.webp)
