Yesterday Citrix released remaining permanent firmware fixes for the previously identified vulnerability, CVE-2019-19781. To help everyone Citrix has made it available to all customers, regardless of their maintenance entitlement.
Permanent fixes for CVE-2019-19781 ADC versions 13.0, 12.1, 12.0 and 11.1 are available now: These fixes also apply to Citrix ADC/Gateway Virtual Appliances (VPX) hosted on any of ESX, Hyper-V, KVM, XenServer, Azure, AWS, GCP or on a Citrix ADC Service Delivery Appliance (SDX).
It is necessary to upgrade all Citrix ADC/Gateway for instances running 13.0 (MPX or VPX) to build 184.108.40.206, for instances running 12.1 (MPX or VPX) to build 220.127.116.11, for instances running 12.0 (MPX or VPX) to build 18.104.22.168, for instances running 11.1 (MPX or VPX) to build 22.214.171.124 and for instances running 10.5 (MPX or VPX) to build 10.5.70.12 to install the security vulnerability fixes.
In October Citrix released a fix versions for a lot of Netscaler (ADC). Since the vulnerability is critical I wanted to mention on my blog.
A vulnerability has been identified in the management interface of Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, that, if exploited, could allow an attacker with access to the management interface to gain administrative access to the appliance.
Almost dead, but from version 1909 AppDNA is deprecated. Citrix purchased App-DNA in October 2011, now 8 years later the story ends.
Microsoft App Assure / FastTrack
The FastTrack Center Benefit for Windows Alternative to Citrix AppDNA is Microsoft App Assurance.(New name is FastTrack)
10 provides access to Desktop App Assure – a new service designed to address issues with Windows 10 and Office 365 ProPlus app compatibility. When you request the Desktop App Assure service, a FastTrack Specialist works with you throughout your migration to Windows 10 and Office 365 ProPlus and when you consume feature updates.
A Microsoft engineer works with you to address valid app issues at no additional cost to you with an eligible subscription. We also provide guidance to customers who face compatibility issues transitioning from Office clients to Office 365 ProPlus. This is a service provided by FastTrack and not a software package.
Its also own FastTrack for 365 migration as showed under. For more information see Microsoft own sites.
This summer VMware acquired AVI Networks. AVI Networks delivers Application Delivery Controllers (ADCs), same as Citrix Netscaler but are born in cloud.
Avi Vantage (ADC), now VMware NSX Advanced Load Balancer, provides central control for security policies with a software-defined architecture, and enables agile application security that aligns with DevOps practices.
Use of 2FA is something
everyone should use on all services in 2019. 2FA will stops a lot of the mayor
attack that has happened the last month. Example from Norway is attack on
Visma, Maersk, Hydro. I don’t say that 2FA will solve everything, but helps a
lot with the work. Everyone that has O365 license has free 2FA, admin just need
to enable it.
App Password is default allowed; this give no extra security when users can
create static password for apps like Outlook, OneDrive etc. When App Password
is disabled, you need to activate modern authentication to get apps to work.
Default is modern
authentication not enabled in Exchange Online. Modern authentication cannot be
enabled in O365 portal, just possible to do with PowerShell. Has created an example
how you can do this under:
Synergy 2018, Citrix announced that the change all products name. This is not first time we have heard that. It has taken over 6 months to change all documentation and installation ISO. If you plan to upgrade some of your Citrix product you need to know the new names.
For those of you that has not heard about the change, I have created a list of the most common used products:
Citrix Virtual Apps
Citrix Virtual Desktops
Citrix Workspace App
Citrix Endpoint Management
Citrix Unified Gateway
Its two name change I want to highlight, XenServer and NetScaler. WHY? XenServer is now Citrix Hypervisor and NetScaler is Citrix ADC.
First, Citrix Hypervisor, isn’t this a bit to obelus? Boeing does not call the newest flight model for Boeing Airplane. XenServer is well known name and have good reputation.
Citrix. ADC. I understand. Less, NetScaler is something EVERYONE associate with something good and a product that work well. The Name has been with Citrix since 2005 when Citrix bought NetScaler. NetScaler has been the begin of Citrix Network product and has over all this year been one of the most known Gateway, Load balancing and ADC in the marked. I hope the name will get a comeback in the next 1-2 year as XenApp did 🙂
Under I try to explain the flow of user registration. It require that you have done all setup steps from Citrix Docs. Go to you login page https://portal.citrixblog.no or something like that. Normal logon form with username and password is shown.
Depend if user has registered personal information earlier or not, it will popup for new user only. If old user want to change or check the information, they can use https://portal.citrixblog.no/register
Both URL will open this form:
Password reset flow
This chapter will cover a Password reset workflow. User go to the portal and try to logon. If they has forgotten the password, user can Click Forgot Password.
Release January 8, 2019—KB4480970 (Monthly Rollup) for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 has Known issues that give you BIG problem.
Out of all the problem, i will cover two of them:
1. SMBv2 stops workling
Symptom from Microsoft
SMBv2 could not be connected anymore after installing this patch. The admins with networks using SMBv2 shares are reporting the bug.
2. Network interface controller may stop working
Symptom from Microsoft
After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem.inf. The exact problematic configurations are currently unknown.