Definitive patches have been tested and installed.
As we have stated on our support portal and as you may have noticed in the media, there are a number of vulnerabilities that have been found in the Citrix ADC Gateway. Mavim immediately responded by implementing the provided temporary patches. This has fixed the vulnerabilities. Last week, the definitive patch was tested and installed. The role Citrix plays within Mavim is limited to publishing from the Mavim Manager. The databases are stored in a secure location within Azure where no leaks were found or unauthorized code executed as far as we (Mavim, Intercept, Microsoft) can determine.
A number of vulnerabilities have recently been detected in both the Citrix ADC and Gateway and the Microsoft RDS Gateway solutions that we would like to inform you about. The measures below have been implemented directly on the relevant servers. Final patches are being tested and installed as soon as possible.
Citrix ADC- and Gateway
The vulnerability within these Citrix products can result in a situation where unauthorized people can execute arbitrary code. Citrix has already published a workaround that (temporarily) resolves the vulnerability. You can find more information about this here https://support.citrix.com/article/CTX267027.
Microsoft RDS Gateway
Microsoft has found and fixed vulnerabilities in Microsoft Windows RDP Gateway Server and Microsoft Windows Remote Desktop Client. A malicious party can potentially exploit the vulnerabilities to also execute arbitrary code, get hold of sensitive data, or perform a Denial of Service attack. In the meantime, updates have been installed to remedy this vulnerability. Further information about this subject can be found here https://www.ncsc.nl/actueel/advisory.
We will keep a close eye on the situation and inform you if changes occur.