The flaw is being exploited in the wild, and no patches will be available until Sunday.
Google reported that 97 flaws were exploited in the wild in 2023, up 50 percent from the number of zero-day attacks recorded in 2022.
Microsoft fixed the flaw as part of its regularly scheduled updates on Tuesday.
Flaws in Citrix NetScaler and ADC Gateway have historically been targeted by threat actors, though researchers don't believe the impact of these two bugs to match that of CitrixBleed.
Patches will be released starting Jan. 22, but until then Ivanti urges customers to apply mitigations.