Citrix Systems Releases Security Updates for High-Severity Vulnerabilities

February 15, 2023

Citrix Systems has released security updates for high-severity vulnerabilities in its Virtual Apps and Desktops, and Workspace Apps products. The vulnerabilities, identified as CVE-2023-24483, could enable attackers with local access to the target to elevate their privileges and take control of the affected system. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert urging organizations to apply the security updates as soon as possible.

The most severe of the flaws addressed by Citrix is CVE-2023-24483, which could allow a user to gain NT AUTHORITYSYSTEM access, the highest level of access privileges on Windows. This would enable the attacker to execute arbitrary code, access sensitive information, and modify system configurations without restrictions. If the breached system is part of a network, gaining NT AUTHORITYSYSTEM access would enable the attacker to move laterally within the network and pivot to adjacent systems as well.

Citrix strongly recommends that customers upgrade to a fixed version as soon as possible, as there is no mitigation advice or workarounds for the discovered security issues. Currently, the recommended upgrade targets that address the above flaws are the following: Citrix Virtual Apps and Desktops 7 1912, Citrix Virtual Apps and Desktops 7 1906, and Citrix Workspace App for Windows. Organizations should apply the security updates to prevent intruders from having an easy way to escalate their privileges on breached systems.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.