Good: IT admins scrambled to patch 80 per cent of public-facing Citrix boxes to close nightmare hijack hole
Bad: The other 20 per cent are still wide open. Also bad: Some of those patched machines may have been hacked
Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and open to remote attack.
Positive Technologies today estimated that thousands of companies remain open to the takeover vulnerability in Citrix ADC and Gateway. A successful exploit would give hackers a foothold in a compromised network.
The infosec biz, whose researchers discovered and disclosed the vulnerability in December of last year, has been heading up an awareness campaign to get as many of the estimated 80,000 Citrix customers worldwide patched and protected from the flaw.
Despite a massive push by Citrix, and others, to get vulnerable machines shored up, it is believed that thousands of machines worldwide, many in the US and UK, have not yet been fixed.
"Overall, the vulnerability is being fixed quickly, but 19 per cent of companies are still at risk. The countries with the greatest numbers of vulnerable companies currently include Brazil (43 per cent of all companies where the vulnerability was originally detected), China (39 per cent), Russia (35 per cent), France (34 per cent), Italy (33 per cent), and Spain (25 per cent)," Positive reports.
'Friendly' hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behindREAD MORE
"The USA, Great Britain, and Australia are protecting themselves quicker, but they each have 21 percent of companies still using vulnerable devices without any protection measures."
In terms of sheer numbers of exposed customers, the US remains the worst offender (not surprising, as 38 per cent of all the vulnerable boxes worldwide sat in the US) as more than 6,500 machines remain unpatched. The UK, meanwhile, houses 1,150 or more of the yet-to-be-patched systems, and Australia is home to 750. Surprisingly low on the list were China (550 vulnerable machines) and Russia (just 100 unpatched boxes), but that may reflect poor Citrix sales in those areas.
In the grand scheme of things, the effort to get vulnerable boxes patched has been above and beyond the normal speed at which bugs get addressed. Considering how many machines are exposed to months and even years-old vulnerabilities, having 80 per cent of all boxes in the wild patched in under two months is to be commended.
That said, the remaining 20 per cent of internet-facing machines should get patched ASAP, especially as there are now plug-and-play exploits being used in the wild. ®