Citrix Announces New CVAD VDA Security Vulnerability

by Daniel Ruiz
Practice Lead, Network Infrastructure

On February 14th, 2023, Citrix announced a new Citrix Virtual Apps and Desktops Windows VDA vulnerability. If exploited, it could allow a local user to elevate their privilege level to NT AUTHORITY\SYSTEM on a Windows VDA.

Helient recommends that customers upgrade to the latest version of the Virtual Apps and Desktops VDA as soon as possible. To maintain LTSR compliance with Citrix, Helient recommends upgrading the back-end CVAD environment to match the version of the VDA.

Affected CVAD versions:

Current Release (CR)

  • Citrix Virtual Apps and Desktops versions before 2212

Long Term Service Release (LTSR)

  • Citrix Virtual Apps and Desktops 2203 LTSR before CU2
  • Citrix Virtual Apps and Desktops 1912 LTSR before CU6

Mitigating Factors:

The following versions of Citrix Virtual Apps and Desktops contain fixes for this vulnerability:

  • Citrix Virtual Apps and Desktops 2212 and later versions
  • Citrix Virtual Apps and Desktops 2203 LTSR CU2 and later cumulative updates
  • Citrix Virtual Apps and Desktops 1912 LTSR CU6 and later cumulative updates
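
To triage a VDA inventory against the affected and fixed versions listed above, the following PowerShell sketch classifies each version string. It is an added example, not code from Citrix or Helient. The function name, the sample machines and the assumed version-string layout (release.0.CU x 1000.build) are illustrative assumptions.

```powershell
# Added example: triage VDA versions against the fixed releases in this advisory.
# Assumption: version strings look like <release>.0.<CU x 1000>.<build>,
# e.g. 1912.0.6000.x for 1912 LTSR CU6. Confirm against your own inventory.
$LtsrFirstFixedCu = @{ 1912 = 6; 2203 = 2 }   # LTSR release -> first fixed CU
$FirstFixedCr     = 2212                      # first fixed Current Release

function Get-VdaPatchStatus {                 # hypothetical helper name
    param([Parameter(Mandatory)][string]$AgentVersion)

    $v = $null
    if (-not ([version]::TryParse($AgentVersion, [ref]$v)) -or $v.Build -lt 0) {
        return 'Unknown'          # unparseable, or no CU component to compare
    }
    if ($LtsrFirstFixedCu.ContainsKey($v.Major)) {
        # LTSR train: compare the cumulative update level
        $cu = [math]::Floor($v.Build / 1000)
        if ($cu -ge $LtsrFirstFixedCu[$v.Major]) { return 'Fixed' }
        return 'Affected'
    }
    if ($v.Major -ge $FirstFixedCr) { return 'Fixed' }
    return 'Affected'             # any other release is a CR before 2212
}

# Constructed sample inventory (machine names and build numbers are made up).
$inventory = @(
    [pscustomobject]@{ MachineName = 'LAB\VDA01'; AgentVersion = '1912.0.5000.1' }
    [pscustomobject]@{ MachineName = 'LAB\VDA02'; AgentVersion = '1912.0.6000.1' }
    [pscustomobject]@{ MachineName = 'LAB\VDA03'; AgentVersion = '2203.0.1000.1' }
    [pscustomobject]@{ MachineName = 'LAB\VDA04'; AgentVersion = '2203.0.2000.1' }
    [pscustomobject]@{ MachineName = 'LAB\VDA05'; AgentVersion = '2209.0.0.1' }
    [pscustomobject]@{ MachineName = 'LAB\VDA06'; AgentVersion = '2212.0.0.1' }
    [pscustomobject]@{ MachineName = 'LAB\VDA07'; AgentVersion = 'not-reported' }
)

# List machines that still need the upgrade (or could not be classified) first.
$inventory |
    Select-Object MachineName, AgentVersion,
        @{ Name = 'Status'; Expression = { Get-VdaPatchStatus $_.AgentVersion } } |
    Sort-Object Status, MachineName |
    Format-Table -AutoSize
```

On a Delivery Controller, `Get-BrokerMachine` exposes the same `MachineName` and `AgentVersion` properties and can replace the constructed `$inventory` array.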

If you would like more information or assistance from our industry-leading team of Citrix experts to plan and execute the upgrade, please contact us at service@helient.com.