Microsoft Windows Vulnerability Notice & Citrix Vulnerability Notice
Notice: Today, Microsoft is releasing a security patch – it is critically important to execute this patch! The security of your organization’s network may depend on it.
According to KrebsonSecurity and multiple trustworthy industry sources, a vulnerability resides in a Windows component that handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI enables developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.
Notice: Citrix and its commercial virtual-private-network gateways (NetScaler) are susceptible to attack. This susceptibility gives attacker direct access the local network behind the gateways from the internet without the need for an account or authentication. Since there is not an available patch, there is a temporary solution that reduces the risk of the exploit. In addition to the temporary measure, GBS recommends several additional preventative measures.
CONTACT GBS IT Experts to discuss patching and additional preventative solutions.