Helient® Blog
Upcoming Mandatory Changes for Microsoft Authenticator App
By Gregory Hall Senior Cloud Architect Systems Engineering Administrators can now prevent accidental Multifactor Authentication (MFA) approvals in Microsoft Authenticator with number matching, location context, and application context. The uptick in MFA fatigue attacks has resulted in the need for organizations to review, adopt, and enforce security best practices. In the process of protecting Azure […]
Cisco SNMP Remote Code Execution Vulnerabilities
By Daniel Ruiz Practice Lead, Network Infrastructure The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to execute code remotely on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a […]
Transport-Based Enforcement System in Exchange Online
by Jeyakumar Durai (JD) Cloud Architect Microsoft is enabling a transport-based enforcement system in Exchange Online that will eventually block emails from unsupported and unpatched Exchange servers. The Enforcement system will run in Report mode for 30 days before it starts to throttle the emails progressively and […]
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
by Jeyakumar Durai (JD) Cloud Architect Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for New Technology LAN Manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address a critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook clients that connect to both an on-premises Exchange […]
Daylight Saving Time Alert – Important Reminder About Upcoming Clock Change
by Christopher Garcia Practice Lead – Desktop & Applications This is a reminder that Daylight Saving Time Begins at 2:00 AM (EST) on Sunday, March 12th. This semi-annual time change can cause major problems with VDI environments such as machine registration issues, session disconnects, and group policy failures. Whether using Citrix Provisioning Services, Citrix Machine […]
Citrix Announces New CVAD VDA Security Vulnerability
by Daniel Ruiz Practice Lead, Network Infrastructure On February 14th, 2023, Citrix announced new Citrix Virtual Apps and Desktops Windows VDA vulnerability. If exploited, it could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Windows VDA. Helient recommends that customers upgrade to the latest version of […]
Upgrade Alert: Citrix NetScaler 12.1 Firmware No Longer Supported After May 2023
Citrix has recently shared important updates regarding the End of Maintenance and End of Life dates for version 12.1 of the Citrix ADC(NetScaler). Starting from May 2023, customers using version 12.1 firmware will no longer be eligible for technical support. If you would like more information or assistance from our industry-leading team of Citrix experts […]
Helient Prepares Organization For Next Phase of Growth
January 2023, Philadelphia, PA – Helient Systems LLC (Helient) announces organizational changes to prepare the company for the next phase of growth. Helient has grown organically since inception serving Am 100 & 200 Law Firms. Founded by Steve Hatch and James Engelhard in 2012, Helient was designed to bring together top talent and experience to […]
New Exploit Bypasses the URL Rewrite Mitigations in Exchange Servers
by Jeyakumar Durai (JD) Cloud Architect Exchange administrators are aware of the Zero-day vulnerabilities CVE-2022-41040, Server-Side Request Forgery (SSRF) and CVE-2022-41082, Remote Code Execution (RCE) that were reported on September 29, 2022. Responding to these vulnerabilities, Microsoft initially released couple of immediate mitigations (URL Rewrite rule and Disable remote PowerShell access for non-admins) to be performed […]
Citrix Announces New Vulnerabilities in Citrix ADC & Citrix Gateway (NetScalers)
by Daniel Ruiz Practice Lead, Citrix Technologies Citrix announced new vulnerabilities discovered in Citrix ADC and Citrix Gateway. These vulnerabilities have the following identifiers: Affected versions of Citrix ADC and Citrix Gateway: (Citrix ADC and Citrix Gateway version 13.1 is unaffected.) Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32 […]