Helient® Blog

Apache Log4j Vulnerabilities for VMware Horizon

by Christian Vindel Desktop & Applications Architect VMware has recently published a security update regarding it’s Horizon suite of products. A critical vulnerability that has been identified in CVE-2021-44228 which affects several VMware Horizon components and could allow for an attacker to execute remote code. It is imperative that these components be remediated as soon […]

Read more >

Apache Log4j Vulnerabilities (CVE-2021-44228) for Nutanix

by Danny Simmons Senior Systems Engineer Summary A critical vulnerability in Apache Log4j2 (CVE-2021-44228) has been publicly disclosed that may allow for remote code execution in impacted Nutanix products. Description This issue affects log4j versions between 2.0 and 2.14.1. The exploit requires an attacker to remotely access an endpoint and send arbitrary data logged or […]

Read more >

Use Your Citrix ADC (NetScaler) to Mitigate Apache Log4j Vulnerability Traffic

by Daniel Ruiz Practice Lead, Citrix Technologies Citrix ADC (NetScaler) can be used to protect your back end resources from the recent CVE-2021-44228 Log4j vulnerability. The Apache Log4j2 vulnerability, if exploited, allows an attacker to control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is […]

Read more >

iManage Apache Vulnerabilities (CVE-2021-40438 + CVE-2021-44228)

by Jared Barraford Managing Director Background Recently two critical risk Apache vulnerabilities were brought to the iManage security team for investigation, which were found to be exploitable under certain conditions for on-premises customers running specific Work products. At this time, these vulnerabilities do not apply, or have been mitigated for iManage Cloud customers with zero […]

Read more >

Apache Log4j Remote Code Execution Vulnerability

by Jared Hamilton Managing Director, Systems Engineering Over the past few days, the security community became aware of active exploitations of a recently disclosed vulnerability in Apache Log4j. This critical vulnerability (CVE-2021-44228), also named Log4Shell or LogJam, is a common component of the Apache Java-based software library, used for logging purposes. If the vulnerability is […]

Read more >

Palo Alto Firewall Vulnerability Discovered

by Robinson Roca Practice Leader – Network Infrastructure Firms using Palo Alto Firewalls with PAN-OS 8.1.17 or earlier; Helient recommends an upgrade as soon as possible.  A vulnerability has been discovered.  The Vulnerability CVE-2021-3064 is categorized with a CVSS Score of 9.8.  That is extremely high on the scale, and needs to be mitigated as […]

Read more >

Microsoft Urges Exchange November Security Update

by Michael Bianchi Senior Solutions Architect Microsoft announced an Exchange exploit today that requires immediate attention and remediation. CVE-2021-42321 is a post-authentication vulnerability that affects Exchange 2013, 2016 and 2019. This exploit is capable of opening remote shells and delivering malicious payloads, including crypto attacks. Helient and Microsoft both recommend getting to the minimum patch […]

Read more >

Multiple Vulnerabilities Discovered in Citrix ADC, Gateway and SD-WAN WANOP

by Daniel Ruiz Senior Solutions Architect Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. Citrix strongly recommends that affected customers install relevant updates as soon as possible.  If exploited could result in the following […]

Read more >

Daylight Saving Time Alert – Important Reminder About Upcoming Clock Change

by Armen Gharibian Managing Director This is a reminder that Daylight Saving Time ends at 2:00 AM (EDT) on Sunday, November 7th. This semiannual time change can cause major problems with VDI environments such as machine registration issues, session disconnects, and group policy failures. Whether using Citrix Provisioning Services, Citrix Machine Creation Services, or VMware […]

Read more >

VMware Removes Option For SD Card/USB as a Standalone Boot Device

by Danny Simmons Senior Systems Engineer VMware has announced that starting from the next major vSphere release, SD cards/USB media as a standalone boot device will not be supported. The decision to remove this option came about due to the many issues related to device reliability when SD cards are used as the boot device […]

Read more >