Handlungsempfehlung zu Schwachstellen im Citrix Endpoint Management (XenMobile)

Citrix hat auf kritische Schwachstellen im Citrix Endpoint Management (ehemals XenMobile) aufmerksam gemacht.

Unsere Experten empfehlen dringend, die entsprechenden Patches schnellstmöglich einzuspielen, um Ihre Infrastruktur abzusichern. Originalmeldung s. unten.

Gern unterstützen wir Sie dabei, melden Sie sich dazu bitte bei unserem Support-Team per Mail (support@k-is.com) oder telefonisch (Deutschland: +49 271 31370-30 (Siegen) oder +49 6761 9321-55 (Simmern) | Schweiz: +41-55-536-1020) und vereinbaren einen zeitnahen Termin.

 

Originalmeldung von Citrix:

On Tuesday, August 11, Citrix will publish a security bulletin concerning Citrix Endpoint Management (CEM), formerly named, and often still referred to, as XenMobile. 

This security bulletin will cover a set of critical vulnerabilities. The CEM Cloud Service already has been upgraded to fix these vulnerabilities. This notice applies to on-premises versions.  Our records indicate you have one or more instances of vulnerable on-premises deployments.

Once the security bulletin is published, we anticipate exploits being made public in short order, and for malicious actors to move immediately to exploit.  Failure to fix prior to the security bulletin publication would leave you exposed.  Alternatively, our recommendation is to take unprotected versions off the network.
 
The latest rolling patches that need to be applied are available at the links below for specific versions of CEM/XenMobile servers:
• 10.12 https://support.citrix.com/article/CTX277473
• 10.11 https://support.citrix.com/article/CTX277698
• 10.10 https://support.citrix.com/article/CTX279101
• 10.9 https://support.citrix.com/article/CTX279098

Any versions prior to 10.9.x must be upgraded to a supported version with the latest rolling patch. We recommend that you upgrade to 10.12 RP3, the latest supported version.