Helient® Blog
Citrix Gateway integration with Storefront Issue
by Daniel Ruiz Practice Lead, Citrix Technologies Citrix recently announced an issue with Citrix Gateway integration with Storefront. Users accessing Custom Themes based on RFWebUI may get stuck at a spinning circle after credentials are entered. The problem appears to occur for users connecting via Chrome or Chromium update version 100.0.4896.60 (Official Build) (64-bit). At […]
Microsoft to Retire and Disable Internet Explorer 11 Starting on June 15, 2022 | Action Required
by Jeffrey Firkin Desktop & Applications Engineer Microsoft has announced that the Internet Explorer 11 desktop application will no longer be supported on certain versions of Windows 10 starting June 15, 2022. Windows 10 versions affected by this announcement are as follows: Windows 10 client SKUs (version 20H2 and later) Windows 10 IoT (version 20H2 and […]
Zero Day Vulnerabilities Detected With APC UPS SmartConnect
By Robinson Roca Managing Director, Network Infrastructure Schneider Electric APC UPS have announced three Zero Day Vulnerabilities discovered by Armis Labs. These vulnerabilities pertain to a newer method of management using Schneider Electric’s cloud management called “SmartConnect”. This allows an attacker to impersonate the cloud and control the UPS. The CVEs pertaining to the vulnerability […]
Daylight Saving Time and VDI: Preparing for Potential Disruptions on November 5th
The upcoming Daylight Saving Time adjustment on Sunday November 5th at 2:00 AM (EST) can cause synchronization and operational issues in VDI environments. Machines, especially those using Citrix and VMware services, may experience time discrepancies leading to registration issues, session disconnects, and policy failures. To mitigate potential disruptions, it’s essential to update the base image […]
Apache Log4j Vulnerabilities for VMware vCenter Server and vCenter Cloud Gateway
by Danny Simmons Senior Systems Engineer Summary A critical vulnerability in CVE-2021-44228 has been determined to impact vCenter Server 7.0.x, vCenter 6.7.x & vCenter 6.5.x via the Apache Log4j open source component. VMware expects to fully address both CVE-2021-44228 and CVE-2021-45046 by updating log4j to version 2.16 in forthcoming releases of vCenter Server, as outlined […]
Microsoft Patches Windows AppX Installer Spoofing Vulnerability
By Jake Heberling Desktop & Applications Engineer On Tuesday, December 14, 2021, Microsoft released security updates to address 67 CVEs, seven of which are rated as critical, including a zero-day vulnerability in the Windows AppX Installer that is already seeing active exploitation. This is being tracked as CVE-2021-43890 and has a CVSS score of 7.1 […]
Apache Log4j Vulnerabilities for VMware Horizon
by Christian Vindel Desktop & Applications Architect VMware has recently published a security update regarding it’s Horizon suite of products. A critical vulnerability that has been identified in CVE-2021-44228 which affects several VMware Horizon components and could allow for an attacker to execute remote code. It is imperative that these components be remediated as soon […]
Apache Log4j Vulnerabilities (CVE-2021-44228) for Nutanix
by Danny Simmons Senior Systems Engineer Summary A critical vulnerability in Apache Log4j2 (CVE-2021-44228) has been publicly disclosed that may allow for remote code execution in impacted Nutanix products. Description This issue affects log4j versions between 2.0 and 2.14.1. The exploit requires an attacker to remotely access an endpoint and send arbitrary data logged or […]
Use Your Citrix ADC (NetScaler) to Mitigate Apache Log4j Vulnerability Traffic
by Daniel Ruiz Practice Lead, Citrix Technologies Citrix ADC (NetScaler) can be used to protect your back end resources from the recent CVE-2021-44228 Log4j vulnerability. The Apache Log4j2 vulnerability, if exploited, allows an attacker to control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is […]
iManage Apache Vulnerabilities (CVE-2021-40438 + CVE-2021-44228)
by Jared Barraford Managing Director Background Recently two critical risk Apache vulnerabilities were brought to the iManage security team for investigation, which were found to be exploitable under certain conditions for on-premises customers running specific Work products. At this time, these vulnerabilities do not apply, or have been mitigated for iManage Cloud customers with zero […]