Addressed medium severity Citrix Virtual Apps and Desktop vulnerabilities, tracked as CVE-2024-8068 and CVE-2024-8069, were noted by watchTowr researchers to be potentially exploited for unauthenticated remote code execution, The Hacker News reports.
Such issues have stemmed from a misconfigured Microsoft Message Queuing instance leveraging BinaryFormatter, which Microsoft has warned against amid the emergence of deserialization vulnerabilities, according to the watchTowr report. While Citrix has emphasized the issue as an authenticated RCE, which requires execution as a NetworkService Account, the firm was noted by watchTowr researchers to have been "downplaying" the seriousness of the issue, which could be used to enable complete takeovers. Meanwhile, immediate patching has been advised by the Shadowserver Foundation amid attempted exploitation of the bugs. "While there is discussion on whether these are remotely exploitable without auth, we urge you to update your installations NOW," said the Shadowserver Foundation in a post on X, formerly Twitter.