It is highly recommended to patch any Citrix devices in an organization’s environment as soon as possible if they are vulnerable to either of these vulnerabilities. Since at least one of them is known to have threat actors actively exploiting it, the sooner the devices can be patched, the less chance that a threat actor will be able to compromise it and spread throughout an organization. It is recommended that organizations update their Citrix applications to the latest versions possible, to help fix these issues and any other vulnerabilities that have been discovered since. It is also highly recommended to implement and maintain a consistent patching cycle for all devices, particularly any Internet-facing ones. Applications like Citrix are a common target for threat actors due to their popularity among enterprises. Due to this, making sure they are consistently up-to-date on patching can help prevent a threat actor from obtaining a foothold in an organization’s environment.
Source: https://www.bleepingcomputer.com/news/security/thousands-of-citrix-servers-vulnerable-to-patched-critical-flaws/
