Citrix Application Delivery Controller and Citrix Gateway
Citrix provides one of the most popular remote access technologies in use today. Many organizations use Citrix Application Delivery to provide access to remote employees and contractors. Enterprises using this technology should take immediate action.
According to Citrix, a vulnerability in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, could, if exploited, allow an unauthenticated attacker to perform arbitrary code execution. Several proof-of-concept examples have been published online that could be used by malicious actors to exploit this vulnerability.
Citrix strongly urges affected customers to immediately apply the provided mitigation. A patch is forthcoming.
Pulse Secure VPN is one of the most widely used tools allowing employees to securely access their corporate networks. The recently disclosed vulnerability allows an unauthenticated hacker to download an arbitrary file from a vulnerable Pulse Secure server. Organizations should upgradePulse Connect Secure and Pulse Policy Secure server software to the latest versions, which address the vulnerability.
Windows 10, Windows Server 2016, 2019
Nearly 1 billion devices worldwide are said to run Windows 10 or Windows Server operating systems—and all these devices could be vulnerable to malicious activity, putting their systems and information at risk. Microsoft and the US National Security Agency announced on 14 January that there are vulnerabilities in Windows 10 and Windows Server 2016 and 2019, recommending that all devices using these products be patched as soon as possible.
According to Microsoft, “an attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.” Additionally, “a successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.”
This security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.
Microsoft Windows Remote Desktop Gateway
According to Microsoft, “A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction.”
- Affects all supported Windows Server versions (Server 2012 and newer; support for Server 2008 ends January 14, 2020);
- Occurs pre-authentication; and
- Requires no user interaction to perform.
Windows Remote Desktop Client
According to Microsoft, “A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.”
Exploit of CVE-2020-0611 requires the attacker to have control of a server and then convince a user to connect to a malicious server via social engineering, DNS poisoning, a man-in-the-middle attack or by the attacker’s compromising a legitimate server.
This security update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.