Last week, cyber security company NCC Group disclosed a critical vulnerability in Citrix Workspace app and Receiver for Windows.
We found an RCE vulnerability in the Citrix Workspace & Receiver clients. It can be triggered through the browser simply by visiting a malicious website. No need to log into a rogue Citrix server. Fix has now been released. https://t.co/X65MXtjvkm
— Rich Warren (@buffaloverflow) May 14, 2019
CVE-2019-11634 is a vulnerability in the Citrix Workspace app and Receiver for Windows clients that gives an attacker read-write access to the client's local drives. The attacker crafts a malicious URL and gets the victim to open it, which establishes a remote session with a server the attacker controls. Depending on the browser, it then takes zero or one click before that server can read and write the client's files.
This is an unusual exploit: loading a malicious URL is sufficient to give the attacker read-write access to the victim's local drives, with no need to sign in to the rogue server. That opens up several delivery methods, such as abusing compromised Citrix servers or embedding the malicious URL in infected web pages.
The vulnerable versions are Citrix Workspace app for Windows prior to version 1904, and Citrix Receiver for Windows LTSR 4.9 prior to 4.9 CU6 (4.9.6001).
Citrix provides patched versions for both Workspace app and Receiver LTSR in their KB article. It is strongly recommended that customers upgrade Citrix Workspace app to version 1904 or later, and Receiver for Windows LTSR 4.9 to CU6 (4.9.6001), as soon as possible.
The new Citrix Workspace app version and LTSR version are available for download from the following locations:
https://www.citrix.com/downloads/workspace-app/
https://www.citrix.com/downloads/citrix-receiver/windows-ltsr/receiver-for-windows-ltsr-latest.html
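The check most administrators will want after reading the version list above is an inventory of which hosts still run an affected client. The PowerShell below is an added example written for this page; it is not code from Citrix, NCC Group or the author. It assumes the client is registered under the standard Uninstall keys with a DisplayName starting "Citrix Workspace" or "Citrix Receiver" and a numeric DisplayVersion, that Workspace app 1904 reports a 19.4.x product version (YY.M numbering), and that Receiver 4.x reports a 14.x product version so that 4.9.6001 appears as 14.9.6001.x; the function name Test-CitrixClientCve201911634 is hypothetical. Verify those version formats against one known host before trusting the output across an estate.

```powershell
# Added example (not Citrix's, NCC Group's or the page author's code):
# inventory the Citrix client on a Windows host and flag builds affected by
# CVE-2019-11634 using the thresholds from the advisory (Workspace app 1904,
# Receiver 4.9 LTSR CU6 = 4.9.6001).
#
# Assumptions to verify on your own estate:
#  - The client is listed under the standard Uninstall keys with a DisplayName
#    starting "Citrix Workspace" or "Citrix Receiver" and a numeric DisplayVersion.
#  - Workspace app uses YY.M numbering in the registry, so 1904 appears as 19.4.x.
#  - Receiver 4.x reports a 14.x product version, so 4.9.6001 appears as 14.9.6001.x;
#    the function folds 14.x back to 4.x before comparing.

function Test-CitrixClientCve201911634 {
    [CmdletBinding()]
    param()

    $fixedWorkspace = [version]'19.4'      # Workspace app 1904
    $fixedReceiver  = [version]'4.9.6001'  # Receiver 4.9 LTSR CU6

    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    $clients = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Citrix (Workspace|Receiver)' -and $_.DisplayVersion }

    if (-not $clients) {
        Write-Verbose "No Citrix Workspace app or Receiver found on $env:COMPUTERNAME"
        return
    }

    foreach ($client in $clients) {
        $isReceiver = $client.DisplayName -match 'Receiver'

        # Normalise the version string: keep digits and dots, pad to at least two
        # components for the [version] cast, and fold Receiver 14.x back to 4.x.
        $parts = @(($client.DisplayVersion -replace '[^\d.]', '').Split('.') | Where-Object { $_ -ne '' })
        if ($parts.Count -eq 0) { continue }
        if ($parts.Count -lt 2) { $parts += '0' }
        if ($isReceiver -and $parts[0] -eq '14') { $parts[0] = '4' }
        $ver = [version]($parts -join '.')

        if (-not $isReceiver) {
            if ($ver -lt $fixedWorkspace) { $status = 'VULNERABLE: upgrade to Workspace app 1904 or later' }
            else { $status = 'Patched' }
        }
        elseif ($ver.Major -eq 4 -and $ver.Minor -eq 9) {
            if ($ver -lt $fixedReceiver) { $status = 'VULNERABLE: upgrade to Receiver 4.9 LTSR CU6 (4.9.6001)' }
            else { $status = 'Patched' }
        }
        else {
            # The advisory names a fix only for the 4.9 LTSR branch of Receiver.
            $status = 'REVIEW: Receiver build outside the 4.9 LTSR branch; no fix on this branch is named, plan a move to Workspace app 1904 or later'
        }

        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            Product      = $client.DisplayName
            Version      = $client.DisplayVersion
            Status       = $status
        }
    }
}

# Local check
Test-CitrixClientCve201911634

# Fleet check over WinRM (assumes PowerShell remoting is enabled and you hold
# local admin on the targets; hosts.txt is a constructed list of computer names)
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Test-CitrixClientCve201911634}
```

The function returns objects rather than text so the fleet run can be piped straight into Export-Csv or grouped by Status. Receiver builds that are not on the 4.9 LTSR branch are deliberately reported as "REVIEW" rather than "Patched": the advisory names a fix only for 4.9 CU6, so a newer-numbered Receiver build should not be assumed safe.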
-
Reubin Huckle
Reubin is a seasoned consultant specializing in Microsoft, VMware, Public Cloud, and Citrix infrastructure platforms, with a focus on digital workspace technologies and interests in scripting and web coding.