According to SWR research, several thousand servers at authorities, companies and hospitals in Germany have a dangerous security hole.
It concerns a vulnerability in software from the network service provider Citrix that has been known since mid-December. One problem: Citrix does not plan to release the first updates that completely close the gap until a week from now. In the meantime, software code for malware that could exploit the vulnerability has been in circulation since the weekend.
The vulnerability could allow attackers to run their own software code on the servers. According to data from Monday, SWR data journalists found the gap on more than 2,000 servers, including those of hospitals, federal and state authorities, power plant operators and banks.
Experts feared that criminal hackers would exploit the vulnerability to plant malware at government agencies and companies, malware that they may not activate until months later. "The companies compromised will continue to struggle with the effects of this vulnerability for months," Hans-Martin Münch of the IT security company Mogwai Labs told SWR.
The affected Citrix programs are used to optimize server performance and to connect to the IT infrastructure from outside. After the security vulnerability was announced, the company initially published recommendations for measures to at least contain the danger.