Emergency change: apply workaround citrix vulnerability
Scheduled Maintenance Report for ASPEX - Statuspage

This week, we have mitigated the vulnerabilities of our Citrix environment. We have seen some hacking attempts, but haven’t found any evidence of abuse or further break out to the rest of our infrastructure. To be sure, we will have this further investigated by external security experts.

We have taken every step recommended by Citrix. Because of the use of network isolation and firewall the risk to our infrastructure is low anyway. The vulnerability is was located in the Citrix gateways, our Netscalers, which are used to secure our Citrix server (on which the application and users are working) from the internet

What does this mean for you or your clients?
Nothing. We haven’t seen any proof of a data breach or data exfiltration. To be sure, we will have this further investigated. You don’t need to do a thing.

Posted Jan 17, 2020 - 09:13 CET

The scheduled maintenance has been completed.
Posted Jan 15, 2020 - 02:00 CET
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Jan 15, 2020 - 00:01 CET
This evening, we will apply through emergency procedures a workaround for the recent discoverd vulnerability in the Citrix Netscalers we are using. A Full fix isn't available yet.

We have already applied the workaround in our acceptance environment and on 1 Netscalers in production. Tonight we will apply it to the rest of our environment. We are taking measures to have as low impact as possible, but some connection might get disconnected.

In technical terms: we will apply the workaround as documented on https://support.citrix.com/article/CTX267679. The Netscaler who need to receive the workaround, don't receive new connections. Connections still active when applying the workaround will be closed. Users can reconnect to their applications
Posted Jan 14, 2020 - 16:04 CET
This scheduled maintenance affected: ASPEX Datacenter (Citrix Farm).