Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Citrix released an advisory tagged CTX561482
Windows Server 2012 and 2012 R2 reaching end of support
October 10th, of 2023, might seem far off but that’s when Microsoft is ending support for Windows Server 2012 and Windows Server 2012 R2.
Unpatched or Unsupported Microsoft Exchange Servers Can Expect an SMTP 450 Error
On Monday, March 24th, 2023, Microsoft announced that it is enabling a transport-based enforcement system in Exchange Online serving three functions: reporting, throttling, and blocking.
Citrix NetScaler 12.1 Goes End-of-Life (EOL)
May 30th, 2023, marks the end-of-life (EOL) for Citrix NetScaler firmware 12.1. EOL refers to the termination of support and updates for Citrix NetScaler 12.1. This means that after the May 30th date, Citrix will no longer provide technical support, security updates, or bug fixes for NetScaler 12.1. Users’ Citrix NetScaler devices will no longer receive critical security updates or technical support, leaving their devices vulnerable to potential security threats and software bugs. This can result in reduced system performance, reliability, and compatibility issues with newer software and hardware.
ICYMI: Recap of Last Week’s Security Alerts – week of March 12, 2023
Microsoft Outlook Privilege Elevation Vulnerability (CVE-2023-23397)
CISA added a zero-day vulnerability affecting Microsoft Outlook that is actively exploited in the wild. Microsoft has released a patch for the vulnerability as part of their March 2023 Patch Tuesday.
VMware Cloud Foundation remote code execution vulnerability via XStream (CVE-2021-39144)
CISA identified VMware products to the CVE-2021-39144 vulnerability in its Known Exploited Vulnerabilities (KEV) catalog following confirmation from VMware that this bug is being exploited since December 2022.
Veeam Backup & Replication Vulnerability (CVE-2023-27532)
A vulnerability been found in Veeam Backup & Replication that enables an unauthenticated user to request encrypted credentials, which can give them access to server hosts used for backup infrastructure.
Critical VMware product vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
Microsoft Ends Security Updates, Technical Support for Windows 7 and 8.1
