Citrix Systems Releases Security Updates for High-Severity Vulnerabilities
February 15, 2023
Citrix Systems has released security updates for high-severity vulnerabilities in its Virtual Apps and Desktops and Workspace App products. The vulnerabilities, which include CVE-2023-24483, could enable attackers with local access to the target to elevate their privileges and take control of the affected system. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert urging organizations to apply the security updates as soon as possible.
The most severe of the flaws addressed by Citrix is CVE-2023-24483, which could allow a user to gain NT AUTHORITY\SYSTEM access, the highest level of access privileges on Windows. This would enable the attacker to execute arbitrary code, access sensitive information, and modify system configurations without restrictions. If the breached system is part of a network, gaining NT AUTHORITY\SYSTEM access would enable the attacker to move laterally within the network and pivot to adjacent systems as well.
Citrix strongly recommends that customers upgrade to a fixed version as soon as possible, as no mitigation advice or workarounds are available for the discovered security issues. Currently, the recommended upgrade targets that address the above flaws are the following: Citrix Virtual Apps and Desktops 7 1912, Citrix Virtual Apps and Desktops 7 1906, and Citrix Workspace App for Windows. Organizations should apply the security updates to prevent intruders from having an easy way to escalate their privileges on breached systems.