Citrix fixes major security flaws across several services
Citrix has released a patch for some very serious vulnerabilities affecting multiple offerings, the company confirmed in a security bulletin earlier this week.
Given the severity of the bugs, the prevalence of the tools in question, and the lack of workarounds, the company said it was critical for affected organizations to adopt the fix immediately.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) also chimed in and issued its own warning, urging Citrix customers not to wait to apply the updates, BleepingComputer reported.
Five flaws
A total of five vulnerabilities have been addressed in the patch: CVE-2023-24483 (allows privilege escalation), CVE-2023-24484 (allows access to log files otherwise out of reach of regular users), CVE-2023-24485 (allows privilege escalation), CVE-2023-24486 (allows session inheritance), and CVE-2023-24483 (allows privilege escalation to NT AUTHORITY\SYSTEM).
This last flaw is the most serious of all, giving potential threat actors a way to execute arbitrary code, obtain important documents, and modify the target endpoint system.
The tools affected by these flaws are Citrix Virtual Apps and Desktops and the Workspace app, namely these versions:
- Citrix Virtual Apps and Desktops 2212 and later versions
- Citrix Virtual Apps and Desktops 2203 LTSR CU2 and later cumulative updates
- Citrix Virtual Apps and Desktops 1912 LTSR CU6 and later cumulative updates
- Citrix Workspace app 2212 and later
- Citrix Workspace app 2203 LTSR CU2 and later cumulative updates
- Citrix Workspace app 1912 LTSR CU7 Hotfix 2 (19.12.7002) and later cumulative updates
- Citrix Workspace app for Linux 2302 and above
“Citrix strongly recommends that customers upgrade to a fixed version as soon as possible,” the company said in its security bulletin.
Since there are no workarounds for these flaws, the only way to stay safe is to install the patches, the company added.
Via: BleepingComputer