This is turning into a pretty bad week. Bad enough that I wanted to send you this quick update to make sure you know about it.
1) If you run ANY NetScaler or Citrix ADC right now, there’s a crucial fix you need to run to prevent a potential compromise. Reference CVE-2019-19781.
2) If you are just learning about this now, your ADC is likely already compromised or has been accessed for information. A few clients have already had cryptomining occurring, which is scary. GET YOUR EMERGENCY CHANGE CONTROL IN TONIGHT and get this fixed. If you’ve been compromised, there are a lot of steps to take.
I’ve got a post going with updates as I get them with a deadly-sounding headline that I’m hoping will actually get people’s attention. Because you need to pay attention on this one.
I’ve been participating in discussions with CTAs and CTPs as the situation develops. What I can tell you is on the webpage, but also reference Citrix article CTX267679 for additional info. I’ll include links on the webpage as they become available. But having seen these compromises firsthand, I can tell you I’m tracking this at more than a dozen customers that waited too long to apply the prevention patch.
3) Microsoft Updates – I’m still tracking information on this one, but a major Certificate tracking flaw has been found by the NSA and Microsoft released a patch today. What you need to know is that this patch was released as “Important” but not “Critical” because there have been no reported incidents. Time is a factor on this one. Make sure you are updating your images and including this update. Many environments only apply Critical updates, so my advice is to get ahead of this now and test the update now. This one is classified as CVE-2020-0601.