Vulnerability Management

Citrix, watchTowr clash on new RCE-enabling Citrix Virtual Apps and Desktops flaws

Share
A sign outside a Citrix office complex

Addressed medium severity Citrix Virtual Apps and Desktop vulnerabilities, tracked as CVE-2024-8068 and CVE-2024-8069, were noted by watchTowr researchers to be potentially exploited for unauthenticated remote code execution, The Hacker News reports.

Such issues have stemmed from a misconfigured Microsoft Message Queuing instance leveraging BinaryFormatter, which Microsoft has warned against amid the emergence of deserialization vulnerabilities, according to the watchTowr report. While Citrix has emphasized the issue as an authenticated RCE, which requires execution as a NetworkService Account, the firm was noted by watchTowr researchers to have been "downplaying" the seriousness of the issue, which could be used to enable complete takeovers. Meanwhile, immediate patching has been advised by the Shadowserver Foundation amid attempted exploitation of the bugs. "While there is discussion on whether these are remotely exploitable without auth, we urge you to update your installations NOW," said the Shadowserver Foundation in a post on X, formerly Twitter.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.