2024 Leap Year Bugs Affect Citrix and Sophos Software!!

The emergence of leap year flaws has introduced unexpected challenges for users of Citrix and Sophos products. These issues have manifested in various forms, disrupting the functionality and reliability of the software.

Customers have reported experiencing unexpected errors and glitches, prompting concerns about the overall stability and performance of these widely used platforms.

As companies rely heavily on Citrix and Sophos solutions for their daily operations, the impact of these leap year bugs underscores the importance of thorough testing and proactive measures to mitigate such vulnerabilities in software systems.

Citrix Software Grapples with Leap Year Bug

The initial indications of trouble surfaced today as numerous users took to the vendor’s support forums to report a critical issue: the Citrix HDX HTML5 Video Redirection Service suddenly ceased functioning across all Virtual Delivery Agent (VDA) machines.

This unexpected disruption raised concerns among users who rely on the service for seamless video redirection within their Citrix environments. The widespread nature of the problem underscored the urgency for Citrix to address and rectify the leap year bug that triggered the malfunction, leaving users grappling with service interruptions and seeking swift resolutions.

The affected service forms a crucial component of Citrix’s suite of virtualization products, serving diverse sectors including remote work, education, content delivery, and multimedia applications. Its role in enhancing user experience during video streaming within virtual desktop or app sessions is pivotal, achieved through playback optimizations that offload HTML5 video processing from the server to the client. This functionality not only ensures smoother playback but also optimizes bandwidth usage, contributing significantly to the overall efficiency and performance of Citrix environments.

Users reported that the sudden termination of the service impacted environments with various configurations, mirroring a problem described in a thread that was initially created on February 29th, 2020, coinciding with the last leap year occurrence. This parallel issue raised concerns about a potential leap year-related bug resurfacing within Citrix’s software ecosystem.

Eventually, Citrix responded to the user reports with a bulletin, saying that the issue was triggered only after a restart of the VDA, with the vendor suggesting the following workaround until a permanent fix is ready:

1. Stop the time service so that it does not automatically change to the correct date
2. Change the date to March 1st 2024
3. Stop and start the CtxHdxWebSocketService (Citrix HDX HTML5 Video Redirection Service)
4. Start the time service again.

Alternatively, users can run the following command through an elevated command prompt as an administrator:

net stop w32time & date 03-01-2024 & net start CtxHdxWebSocketService & net start w32time

Citrix says its engineering team is working on a fix for the issue so that users won’t have this problem during the next leap year, on February 29th, 2028.

It is unclear if this “glitch” will resolve itself tomorrow, March 1st, 2024, or if it will cause a permanent hang that might persist until an official fix is issued.

Sophos Software Also Impacted by Leap Year Bug

Sophos has officially acknowledged the impact of the leap year bug on its products. Specifically, Sophos Endpoint, Sophos Server, and Sophos Home users have been alerted to the potential occurrence of problems related to unexpected security certification validation warnings for HTTPS websites. The company has cautioned that if devices are rebooted on February 29th, 2024, users may encounter disruptions in the form of these warnings, highlighting the importance of user awareness and proactive measures to address the issue.

This revelation further emphasizes the widespread nature of leap year bugs, necessitating vigilance and responsive actions from Sophos users to mitigate any potential security and functionality issues.

This bug only pops up if the SSL/TLS decryption of HTTPS websites setting is enabled in the antivirus software, which is used to decrypt secure web connections so that the contents can be scanned for malicious scripts. This setting is disabled by default for all users of the security software.

Here’s the summary with each solution listed:

1. Sophos Endpoint: Sophos has taken proactive measures by automatically disabling SSL/TLS decryption for all customers to prevent potential issues. An upcoming software update is scheduled to address this bug, following which users are advised to revert any manual decryption disablements they may have made.
2. Sophos Server version 2023.1.x: For users encountering issues, the recommendation is to manually disable SSL/TLS decryption. From March 1st, 2024, rebooting servers will resolve the problem, and users can subsequently adjust settings as desired.
3. Sophos Server versions 2023.2.x: Sophos has implemented a policy override to disable SSL/TLS decryption for all affected users. A forthcoming software update will revert this change, and users who had manually disabled decryption should adjust their settings accordingly once the update is applied.
4. Sophos Home: Users facing issues with Sophos Home are advised to disable SSL/TLS decryption. It is recommended to reboot and re-enable decryption settings on or after March 1st, 2024, to mitigate any potential disruptions.

Leap years can indeed pose synchronization challenges, especially when software systems are not programmed to account for the extra day. Both Citrix and Sophos are actively addressing these issues to ensure smoother experiences during the next leap year in 2028.

---

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.