Citrix Faces New RCE Threats with Zero-Day Vulnerabilities
New security flaws in Citrix Virtual Apps and Desktop could allow unauthenticated remote code execution (RCE) due to misconfigured MSMQ permissions and the use of BinaryFormatter for deserialization. The vulnerabilities, CVE-2024-8068 and CVE-2024-8069, require attackers to be authenticated users within the same Windows Active Directory domain. Citrix has released patches for affected versions, and Microsoft advises against using BinaryFormatter due to its security risks.