New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

November 12, 2024 at 10:15AM

Researchers revealed vulnerabilities in Citrix Virtual Apps and Desktops that could allow unauthenticated remote code execution through misconfigured permissions in the Session Recording component. Citrix has issued hotfixes for affected versions (CVE-2024-8068 and CVE-2024-8069). Microsoft warns against using BinaryFormatter because of the security risks of deserialization.

### Meeting Takeaways – November 12, 2024

**Subject: Vulnerabilities Identified in Citrix Virtual Apps and Desktops**

1. **New Vulnerabilities Discovered**:
   - Security flaws have been identified in Citrix Virtual Apps and Desktops, specifically in the Session Recording component, leading to potential unauthenticated remote code execution (RCE).

2. **Key Vulnerability Details**:
   - **CVE-2024-8068**: Privilege escalation to NetworkService Account (CVSS Score: 5.1).
   - **CVE-2024-8069**: Limited remote code execution with the privilege of a NetworkService Account (CVSS Score: 5.1).
   - Exploitation of these vulnerabilities requires the attacker to be an authenticated user within the same Windows Active Directory domain and intranet as the session recording server.

3. **Affected Versions**:
   - Citrix Virtual Apps and Desktops before version 2407 hotfix 24.5.200.8.
   - Citrix Virtual Apps and Desktops 1912 LTSR before CU9 hotfix 19.12.9100.6.
   - Citrix Virtual Apps and Desktops 2203 LTSR before CU5 hotfix 22.03.5100.11.
   - Citrix Virtual Apps and Desktops 2402 LTSR before CU1 hotfix 24.02.1200.16.

4. **Microsoft's Recommendations**:
   - Microsoft has advised developers to stop using BinaryFormatter for deserialization because it is inherently unsafe with untrusted input. It has been removed from .NET 9 as of August 2024.

5. **Technical Insights**:
   - The vulnerability stems from the serialization process involving the Session Recording Storage Manager, which has misconfigured MSMQ permissions.
   - An attacker can exploit these issues to send specially crafted MSMQ messages via HTTP, allowing for unauthenticated RCE.

6. **Action Items**:
   - Review and apply relevant updates to Citrix Virtual Apps and Desktops to mitigate the identified vulnerabilities.
   - Consider revisiting serialization practices in development, particularly in relation to deserialization security.
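
One way to act on the first action item, as an added example that is not part of the original summary or any Citrix tooling: a Python triage of an inventory against the fixed hotfix builds listed under Affected Versions. The host names and installed builds are constructed, and two things are assumptions: that the inventory records the installed build in the same four-part form as the hotfix numbers, and that any build outside the three LTSR trains is a current release measured against the 2407 hotfix.

```python
# Fixed builds copied from the "Affected Versions" list on this page.
LTSR_FIXED_BUILDS = ["19.12.9100.6", "22.03.5100.11", "24.02.1200.16"]
CURRENT_RELEASE_FIXED_BUILD = "24.5.200.8"  # 2407 hotfix


def parse_build(text):
    """Turn '22.03.5100.11' into (22, 3, 5100, 11); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


# Index the LTSR trains by (major, minor) so 22.3.x and 22.03.x match the same train.
LTSR_BY_TRAIN = {parse_build(b)[:2]: b for b in LTSR_FIXED_BUILDS}


def triage(build_text):
    """Return (status, fixed_build) for one installed build string."""
    try:
        build = parse_build(build_text)
    except ValueError:
        return "unparseable", None
    # Assumption: a build that is not on an LTSR train is a current release,
    # so it is compared with the 2407 hotfix build.
    fixed = LTSR_BY_TRAIN.get(build[:2], CURRENT_RELEASE_FIXED_BUILD)
    status = "patched" if build >= parse_build(fixed) else "needs-hotfix"
    return status, fixed


def triage_inventory(inventory):
    """Map each host to its (status, fixed_build) pair."""
    return {host: triage(build) for host, build in inventory.items()}


# Constructed sample inventory: host name -> installed build string.
SAMPLE_INVENTORY = {
    "sr-ltsr-01": "19.12.9100.6",
    "sr-ltsr-02": "22.03.4000.7",
    "sr-ltsr-03": "24.2.1200.15",
    "sr-cr-01": "24.5.200.8",
    "sr-cr-02": "23.11.0.50",
    "sr-lab-01": "unknown",
}

if __name__ == "__main__":
    for host, (status, fixed) in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status:13} fixed build: {fixed}")
```

Hosts reported as `unparseable` need a manual check, since a missing build number says nothing about patch state.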
