Citrix patch for serious flaw won't arrive for weeks

Company admits exploits in Citrix Gateway and Citrix Application Delivery Controller may be being exploited

Citrix plans to push out patches by the end of the month for a serious flaw that it admits hackers may already be targeting.

Last month, Citrix acknowledged that Citrix Gateway and Citrix Application Delivery Controller were at risk because of a critical vulnerability, after the flaw was spotted by Positive Technologies.

Related Resource

Patch management best practices

Reduce your patch management workload

Download now

Citrix admitted that the bug could allow attackers to run code on companies' local networks by taking advantage of apps they published using the systems. At the time, Positive Technologies estimated as many as 80,000 companies in 158 countries could be at risk, including the UK and US.

"Depending on specific configuration, Citrix applications can be used for connecting to workstations and critical business systems (including ERP)," the security firm said at the time. "In almost every case, Citrix applications are accessible on the company network perimeter, and are therefore the first to be attacked. This vulnerability allows any unauthorised attacker to not only access published applications, but also attack other resources of the company's internal network from the Citrix server."

Reports now suggest hackers are already looking to make use of the flaw, with security firm Bad Packets reporting exploit attempts against its honeypots, systems set up to attract attention from criminals. Its scans suggested more than 2,000 servers were vulnerable in the UK as of today. Other researchers have also reported exploit attempts, with a working exploit shared on GitHub.

"There have been reports of network scanning to detect the presence of this vulnerability," Fermin J. Serna, chief information security officer at Citrix, admitted in a blog post this weekend.

However, the company doesn't believe most of its users will be at risk. "As many deployments are behind the firewall, we believe that a limited number of devices are exploitable," Serna said, adding that it recommended following the previously released mitigation advice.

That will have to do until Citrix releases its patches, which will begin to rollout 20 January but could take until the end of the month to complete depending on system version. "As with any product of this nature, and consistent with our policies and procedures, these fixes need to be comprehensive and thoroughly tested," Serna added.

Last year, Citrix's own systems were targeted, leaking 6TB of data.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021

Most Popular

Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
UK gun owners urged to be ‘vigilant’ after Guntrader data breach
data breaches

UK gun owners urged to be ‘vigilant’ after Guntrader data breach

23 Jul 2021