Security News
Those wondering when the Microsoft love-in with Citrix might end will be relieved to learn that Microsoft Defender decided yesterday that Citrix Broker and High Availability Services bore all the hallmarks of a trojan. Administrators and users alike found that update 1.321.1319.0 of the malware masher left Citrix's platform a tad borked, with the Citrix Broker service gone from the Services console and the BrokerService.
Windows Defender has caused problems for some Citrix customers after deleting two services incorrectly detected as malware. Windows Defender users who installed the update may have had their Citrix Broker and HighAvailability services on Delivery Controllers and Cloud Connectors deleted after they were erroneously detected as a trojan.
The flaws exist in Citrix Endpoint Management, often referred to as XenMobile Server, which enables businesses to manage employees' mobile devices and mobile applications by controlling device security settings and updates. Specifically impacted at a critical level by the dual vulnerabilities is: XenMobile Server 10.12 before RP2, XenMobile Server 10.11 before RP4, XenMobile Server 10.10 before RP6 and XenMobile Server before 10.9 RP5. The remaining three flaws are rated medium- and low-severity.
August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. The German software corporation known for its enterprise software marked its Security Patch Day with the release of 15 security notes and an update to a previously released one.
This time the problem is in the Citrix Endpoint Management, the product Citrix suggests as an ideal way to securely manage devices and "Let employees work how, when and where they want." The situation is sufficiently serious that Citrix gave advance notice of the bugs to "a number of major CERTs around the world." But it's not explained just what the bugs entail, offering only a list of CVE numbers, and hasn't said which of the five are critical.
Citrix on Tuesday released patches to address multiple vulnerabilities in Citrix Endpoint Management, which allow an attacker to gain administrative privileges on affected systems. The severity of the identified vulnerabilities, which carry the CVE identifiers CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212, differs based on the installed version of XenMobile.
Citrix today released patches for multiple new security vulnerabilities affecting its Citrix Endpoint Management, also known as XenMobile, a product made for enterprises to help companies manage and secure their employees' mobile devices remotely. Citrix Endpoint Management offers businesses mobile device management and mobile application management capabilities.
Citrix Web App and API Protection is a new, cloud-delivered service that provides comprehensive security for applications and APIs in multi-cloud environments. "The flexible models for work and multi-cloud application deployment that companies must now support have greatly expanded the attack surface that IT needs to defend," said Mihir Maniar, Vice President of Product Management, Networking, Citrix.
Citrix informed customers this week that it has patched a vulnerability in its Workspace app that can allow an attacker to remotely hack the computer running the affected application. The security hole, tracked as CVE-2020-8207 and classified as high severity, affects the automatic update service used by the Citrix Workspace app for Windows, and it can be exploited by a local attacker to escalate privileges or by a remote attacker for arbitrary command execution.
Research outfit Pen Test Partners has uncovered a vulnerability in the Citrix Workspace app potentially allowing a privilege escalation to lead to full remote compromise of the host machine. The flaw, CVE-2020-8207, sees Workspace app's automatic update feature abused to gain access to a vulnerable Workspace app installation, with the attack vector being a named pipe.