Hello, welcome to the Monday, January 27th, 2020 edition of the Sands and its Stormsendors Stormcast.

My name is Johannes Ulrich, and the day I'm recording from Augusta, Georgia.

On Friday, Citrix made available the last patches for the Citrix ADC and Citrix Gateway Vulnerability, CVE 2019, 19781.

The last patch released was for version 10.5, and with this patch, you have now patches available

for all currently still supported versions of Citrix ADC, Cirrix Gateway,

and Citrix SD-WAN.

Of course, the big question everybody's mind is, are you already compromised?

The quick answer is, well, that depends.

If you apply the workaround before Christmas, then you're probably okay.

If you waited with the workaround until after about January 6th, then chances are that you have been compromised.

Now, I mentioned on Friday that Citrix and Fire Eye came up with a scanner to check

if your system has been compromised. This scanner is not perfect. If you have a system that is

vulnerable, it's exposed, and you didn't apply any workaround, you're just applying the patch

now, then I would say it's pretty certain that that system has gotten compromised.

Now the Fire Eye tool is certainly a useful tool. I don't want to diminish its value here,

but be aware if it shows you that the system was compromised,

then please do not just remove the artifacts that it finds.

Likely, you got compromised by several exploits.

Some of them may be detected by the tool, some of them will not. The only way I would use this Fire Eye tool

is if it shows that you are compromised,

rebuild the system from scratch.

The first way you could possibly use the Fire Eye tool

...