Helient® Blog
Citrix Announces New Vulnerabilities in Citrix ADC & Citrix Gateway (NetScalers)
by Daniel Ruiz Practice Lead, Citrix Technologies Citrix announced new vulnerabilities discovered in Citrix ADC and Citrix Gateway. These vulnerabilities have the following identifiers: Affected versions of Citrix ADC and Citrix Gateway: Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47 Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12 Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21 Citrix ADC 12.1-FIPS before 12.1-55.289 Citrix ADC […]
Daylight Saving Time Alert – Important Reminder About Upcoming Clock Change
by Christopher Garcia Practice Lead – Desktop & Applications This is a reminder that Daylight Saving Time ends at 2:00 AM (EST) on Sunday, November 6th. This semi-annual time change can cause major problems with VDI environments such as machine registration issues, session disconnects, and group policy failures. Whether using Citrix Provisioning Services, Citrix Machine […]
Microsoft Intune Connector for Active Directory Requires .NET Framework for Hybrid Azure AD Join Deployments
by Jake Heberling Desktop & Applications Engineer Included as part of the latest updates to Windows Autopilot, Microsoft has announced that starting in September 2022, the Intune Connector for Active Directory (ODJ Connector) will require .NET Framework version 4.7.2 or later to function correctly. This is a critical infrastructure component in Hybrid Azure AD Join […]
Announcing the End-of-Life Timeline For the Traditional Duo Prompt
by Michael Trantas Senior Solutions Architect Effective March 30, 2024 (18 months from now), the traditional Duo Prompt will no longer be available for two-factor authentication and Duo Support will stop supporting the traditional Duo Prompt experience, in favor of the Duo Universal Prompt. Duo is deprecating the traditional prompt because it utilizes iFrame technology […]
Fortinet Announces Major Operating System Vulnerability
by Robinson Roca Managing Director, Network Infrastructure Fortinet released a PSIRT (Product Security Incident Response) announcing a major vulnerability in their Fortigate operating system October 6th, with modifications included October 10th. Helient recommends an immediate upgrade for customers running FortiOS versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1. If you are running any version in […]
Zero-day Vulnerabilities in Microsoft Exchange Server
By Jeyakumar Durai (JD) Cloud Architect Couple of new Zero-day Vulnerabilities are identified in Microsoft Exchange Servers which are acknowledged and being addressed by Microsoft under the CVEs [CVE-2022-41040 –Side Request Forgery SSRF] , [CVE-2022-41082 –Remote Code Execution RCE ]. What is the impact due to these Vulnerabilities? Authenticated attackers who can access PowerShell Remoting […]
Microsoft Office 2016 & 2019 to Lose Support for Microsoft 365 Connections Starting October 2023
by Jake Heberling Desktop & Applications Engineer Microsoft has announced that support for connections to Microsoft 365 services from within Microsoft Office 2016 and 2019 will be impacted starting October 10, 2023. This will have potential implications for access to Exchange Online, SharePoint Online, and OneDrive for Business within those applications, but is not limited […]
Microsoft Starts Disabling Basic Authentication on October 1st, 2022
By Jeyakumar Durai (JD) Cloud Architect Microsoft has announced that October 1st, 2022, is the deadline for the deprecation of “Basic Authentication” usage in M365 tenants. There will be a tenant “Message Center” notification posted seven days prior to October 1st informing customers that “Basic Authentication” will be disabled on any services configured to use […]
Action Required: Active Directory Federation Services (AD FS) Vulnerability
by Armen Gharibian Managing Director Microsoft Security Researchers have identified and named a new vulnerability they are coining “MagicWeb” which can be potentially found in organizations who have deployed Active Directory Federation Services (AD FS). MagicWeb grants the ability to obtain and maintain persistent access to the environment. NOBELIUM, the threat actor group believed to […]
Reminder: Deprecation of TLS Protocols & Ciphers Used For Azure AD Communication
by Jake Heberling Desktop & Applications Engineer To improve the security posture of Azure tenants and remain in compliance with industry standards, Microsoft deprecated Transport Layer Security (TLS) 1.0 and 1.1 protocols as well as the 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA) for all Azure Active Directory communication starting on January 31, 2022. Examples of applications that […]