Citrix Systems has released security updates for vulnerabilities in its Virtual Apps and Desktops and Workspace Apps products.

The security issues addressed are classified as high severity and could allow attackers with local access to the target to elevate their privileges and gain control of the affected system.

Citrix products are widely used by organizations around the world, so it is essential to apply available security updates to prevent intruders from having an easy way to elevate their privileges on compromised systems.

Escalation of privilege is a key step in a wide range of cyberattacks, including cyber espionage and ransomware, because threat actors must obtain higher privileges to stealthily exfiltrate data, disable security software, or spread to other systems for ransomware attacks.

The United States Cybersecurity & Infrastructure Security Agency (CISA) has posted an alert about applying Citrix security updates as soon as possible.

The vulnerabilities fixed by Citrix yesterday are:

• CVE-2023-24483: Improper privilege management flaw resulting in privilege escalation to NT AUTHORITY\SYSTEM. Impacts Citrix Virtual Apps and Desktops before 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.
• CVE-2023-24484: Improper access control flaw allowing log files to be written to a directory that should be out of reach for regular users. Impacts Citrix Workspace app for Windows before 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.
• CVE-2023-24485: Improper access control flaw leading to privilege escalation. Impacts Citrix Workspace app for Windows before 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.
• CVE-2023-24486: Improper access control flaw leading to session takeover. Impacts Citrix Workspace app for Linux before 2302.

CVE-2023-24483 is the most serious of the flaws fixed this time. NT AUTHORITY\SYSTEM is the highest level of access privileges on Windows, and a user granted this privilege can execute arbitrary code, access sensitive information, and modify system configurations without restrictions.

If the hacked system is part of a network, gaining NT AUTHORITY\SYSTEM access would allow the attacker to move laterally within the network and also pivot to adjacent systems.

The recommended upgrade targets that fix the above vulnerabilities are as follows:

• Citrix Virtual Apps and Desktops 2212 and later
• Citrix Virtual Apps and Desktops 2203 LTSR CU2 and later cumulative updates
• Citrix Virtual Apps and Desktops 1912 LTSR CU6 and later cumulative updates
• Citrix Workspace app 2212 and later
• Citrix Workspace App 2203 LTSR CU2 and later cumulative updates
• Citrix Workspace App 1912 LTSR CU7 Hotfix 2 (19.12.7002) and later Cumulative Updates
• Citrix Workspace app for Linux 2302 and later

“Citrix strongly recommends that customers upgrade to a fixed version as soon as possible,” warns the software publisher. safety bulletin.

Currently, there are no mitigations or workarounds for discovered security issues. Updating the affected products is therefore the only recommended approach to address the risks.