Getty Images/iStockphoto

DHS Alerts to Citrix Server Vulnerabilities, Urges Remediation

DHS is urging companies to secure vulnerabilities found in certain Citrix servers that could be actively exploited by a hacker to run malicious code; security researchers are seeing an increase in scans seeking the flaw.

The Department of Homeland Security is urging organizations to secure vulnerabilities found in certain Citrix servers through its Application Delivery Controller and Gateway. Security researchers have seen an increase in scans seeking to find the flaw in the wild.

Healthcare providers rely on a massive list of endpoints, often found on legacy or outdated platforms. However, many fail to remediate known risks through patching or other temporary fixes, such as network segmentation.

For a known vulnerability without a patch, applying remediation efforts becomes crucial to ensuring network security. And as security researchers have noted, it only takes one exploited vulnerability to breach a network.

According to the notice, a hacker could leverage the Citrix vulnerability to launch malicious code on vulnerable systems and could also attack other connected resources within the internal network.

The flaw is found on all supported product versions and platforms, including the NetScaler Gateway 12.1, 12.0, 11.1, and 10.5 versions. Citrix has a number of healthcare customers. The platforms are used to connect to workstations and critical business systems, typically accessible on an organization’s network perimeter.

An earlier report on the flaw from Positive Technologies revealed that the flaws could give hackers access to the networks of about 80,000 companies in 158 countries. The US is the most at-risk country accounting for 38 percent of vulnerable organizations.

Citrix has not yet released a firmware update for the flaw but provided a security bulletin that outlines steps organizations can take to mitigate the risk. A second notice shows that the vendor plans to rollout patches beginning on January 20 through January 31.

Users can find the configuration changes, centered around the priorities of responder policies, which should be applied in the command line and management interfaces by IT security leaders to protect the impacted systems.

“Citrix strongly urges affected customers to immediately apply the provided mitigation,” officials wrote. “Customers should then upgrade all of their vulnerable appliances to a fixed version of the appliance firmware when released.”

Customers should also subscribe to bulletin alerts to receive a notification when the updated firmware becomes available.

This story has been updated with the patching schedule provided by Citrix.

Dig Deeper on Cybersecurity strategies