
Cybersecurity researchers have recently identified new vulnerabilities in Citrix Virtual Apps and Desktops that could allow unauthenticated remote code execution (RCE). The issues arise in the Session Recording component, which lets system administrators monitor user activity, including keystrokes and mouse movements.

The vulnerability is particularly linked to a poorly secured Microsoft Message Queuing (MSMQ) instance with misconfigured permissions, which can be accessed via HTTP. This flaw allows potential attackers to exploit the BinaryFormatter feature for RCE without any authentication, if they are within the same Active Directory domain as the session recording server.

The specific vulnerabilities are as follows:

  • CVE-2024-8068: This allows privilege escalation to the NetworkService Account (CVSS score: 5.1).
  • CVE-2024-8069: This permits limited remote code execution with NetworkService Account access (CVSS score: 5.1).

Although Citrix states that exploitation requires the attacker to be an authenticated user on the same network, the flaws pose a significant risk. Citrix has addressed them in several hotfix releases for Citrix Virtual Apps and Desktops; versions before those hotfixes remain affected.

Additionally, Microsoft has advised developers to move away from using BinaryFormatter for serialization due to security risks. A warning has been issued regarding the unsafe nature of this method when dealing with untrusted input, leading to its removal in .NET 9 in August 2024.

The core issue stems from the Session Recording Storage Manager, which processes the session recordings sent from clients that enable this feature. The analysis highlights the excessive privileges of the queue instance and the use of BinaryFormatter to deserialize data, compounded by insecure permissions during the initialization process.

Given this, attackers could leverage these vulnerabilities to issue crafted MSMQ messages over the internet, resulting in unauthenticated RCE. Researchers have outlined the detailed process of exploiting these vulnerabilities, emphasizing the precarious nature of the setup that permits such exploits.
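
One way to look for unexpected senders of MSMQ-over-HTTP messages on a Session Recording server, as an added example that is not from the article, Citrix or the researchers. It assumes IIS W3C logging and the default `/msmq/` virtual directory created by MSMQ HTTP Support; the log lines, queue name and agent subnet are constructed.

```python
import ipaddress
from collections import Counter

# Constructed IIS W3C log lines (not from a real server); queue name is a placeholder.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-11-12 09:14:02 10.0.5.20 POST /msmq/private$/example-queue - 80 - 10.0.5.31 - 200
2024-11-12 09:14:07 10.0.5.20 GET /iisstart.htm - 80 - 10.0.9.77 Mozilla/5.0 200
2024-11-12 09:15:40 10.0.5.20 POST /MSMQ/private$/example-queue - 80 - 10.0.9.77 - 200
2024-11-12 09:15:41 10.0.5.20 POST /msmq/private$/example-queue - 80 - 10.0.9.77 - 200
2024-11-12 09:16:03 10.0.5.20 POST /msmq/private$/example-queue - 80 - 203.0.113.8 - 401
"""

# Hypothetical allow-list: subnets where Session Recording agents are deployed.
AGENT_NETWORKS = [ipaddress.ip_network("10.0.5.0/24")]


def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def unexpected_msmq_senders(text, allowed=AGENT_NETWORKS):
    """Count MSMQ-over-HTTP POSTs per client IP outside the allow-list.

    Rejected requests (e.g. 401) are counted too: they are still attempts.
    """
    hits = Counter()
    for req in parse_w3c(text):
        stem = req.get("cs-uri-stem", "").lower()  # IIS paths are case-insensitive
        if req.get("cs-method") != "POST" or not stem.startswith("/msmq/"):
            continue
        try:
            client = ipaddress.ip_address(req["c-ip"])
        except (KeyError, ValueError):
            continue
        if not any(client in net for net in allowed):
            hits[str(client)] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in unexpected_msmq_senders(SAMPLE_LOG).items():
        print(f"{ip}: {count} MSMQ POST(s) from outside agent networks")
```
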

