Citrix Announces a New Citrix Workspace App Vulnerability

by Daniel Ruiz
Senior Solutions Architect

Citrix announces a new Citrix Workspace App vulnerability.  Customers should upgrade to a fixed version as soon as possible or check if the version they are running has been automatically updated.

Vulnerabilities:

• The vulnerability could result in a local user escalating their privilege level to SYSTEM on the computer running Citrix Workspace app for Windows.
• It only exists if Citrix Workspace app was installed using an account with local or domain administrator privileges.  This includes installations done via a CM Task Sequence (using the SYSTEM account).
• Does not exist when a standard Windows user installed Citrix Workspace app for Windows.

Affected versions:

• Citrix Workspace App earlier than 2105
• Citrix Workspace App earlier than 1912 LTSR CU4

Mitigating Factors:

• Citrix Workspace App 2105 and later
• Citrix Workspace App 1912 LTSR CU4 and later cumulative updates

Download links:

• Citrix Workspace app for Windows is available from the following Citrix website locations:
  • https://www.citrix.com/downloads/workspace-app/windows/
  • https://www.citrix.com/downloads/workspace-app/workspace-app-for-windows-long-term-service-release/

If you would like more information or assistance from our industry-leading team of Citrix experts to plan and execute the upgrade, please contact us at service@helient.com.