1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Citrix fixes major security flaws across several services

    From TechnologyDaily@1337:1/100 to All on Thu Feb 16 12:00:04 2023
    Citrix fixes major security flaws across several services

    Date:
    Thu, 16 Feb 2023 11:55:49 +0000

    Description:
    Flaws in Workspace, Citrix Virtual Apps and Desktops, allowed for elevation
    of privilege and remote code execution.

    FULL STORY ======================================================================

    Citrix released a patch for a number of high-severity vulnerabilities affecting multiple offerings, the company confirmed in a security bulletin earlier this week.

    Given the severity of the flaws, the prevalence of the tools in question, and the fact that there are no workarounds and other mitigations, the company
    said it was pivotal for the affected organizations to apply the fix immediately.

    The Us Cybersecurity & Infrastructure Security Agency (CISA) also chimed in, issuing an alert of its own, urging Citrix customers to not stall with the updates, BleepingComputer has found. Five flaws

    There are a total of five vulnerabilities addressed in the patch: CVE-2023-24483 (allows for privilege escalation), CVE-2023-24484 (allows for access to log files otherwise out of reach for regular users), CVE-2023-24485 (allows for privilege escalation), CVE-2023-24486 (allows for session takeover), and CVE-2023-24483 (allows for privilege escalation to NT AUTHORITY\SYSTEM).

    This final flaw is the most severe of all, giving potential threat actors a way to execute arbitrary code, obtain important documents, and tweak the target endpoints system.

    The tools affected by these flaws are Citrix Virtual Apps and Desktops, and the Workspace app, namely these versions: Citrix Virtual Apps and Desktops 2212 and later versions Citrix Virtual Apps and Desktops 2203 LTSR CU2 and later cumulative updates Citrix Virtual Apps and Desktops 1912 LTSR CU6 and later cumulative updates Citrix Workspace App 2212 and later Citrix Workspace App 2203 LTSR CU2 and later cumulative updates Citrix Workspace App 1912 LTSR CU7 Hotfix 2 (19.12.7002) and later cumulative updates Citrix Workspace app for Linux 2302 and later Read more

    Citrix urges admins to patch these dangerous flaws immediately


    NSA warns Citrix devices are under attack from Chinese hackers, so update
    now


    These are the best malware protections around

    Citrix strongly recommends that customers upgrade to a fixed version as soon as possible, the company said in its security bulletin.

    As there are no mitigations or workarounds for these flaws, the only way to remain secure is to install the patches, the company added. Here are the best firewalls

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/citrix-fixes-major-security-flaws-across-severa l-services


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)