Citrix Faces New RCE Threats with Zero-Day Vulnerabilities

November 12, 2024 at 02:01 PM

•

1 min read

Citrix Faces New RCE Threats with Zero-Day Vulnerabilities — Photo: The Hacker News

TL;DR Summary

New security flaws in Citrix Virtual Apps and Desktop could allow unauthenticated remote code execution (RCE) due to misconfigured MSMQ permissions and the use of BinaryFormatter for deserialization. The vulnerabilities, CVE-2024-8068 and CVE-2024-8069, require attackers to be authenticated users within the same Windows Active Directory domain. Citrix has released patches for affected versions, and Microsoft advises against using BinaryFormatter due to its security risks.

Topics:technology #binaryformatter #citrix #cybersecurity #msmq #rce #vulnerability

Share this article

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration The Hacker News
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown) watchTowr Labs
Exploit code released for RCE attack on Citrix VDI solution The Register
Citrix Zero-Day Bug Allows Unauthenticated RCE Dark Reading
New Citrix Zero-Day Vulnerability Allows Remote Code Execution Infosecurity Magazine

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

87%

511 → 64 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights