Last week, cybersecurity company NCC Group identified a critical vulnerability in Citrix Workspace app and Receiver for Windows.
CVE-2019-11634 is a vulnerability in Citrix’s digital workspace that gives an attacker read-write access to the client’s local drives. An attacker can generate a malicious URL and have a victim use it to establish a remote session. During this session, depending on the browser, it takes zero to one click to allow the server to access the client’s files.
This is an unusual exploit: loading a malicious URL is enough to give an attacker full access to a victim’s PC. As a result, there are numerous possible attack methods, such as abusing compromised Citrix servers or embedding malicious URLs inside infected web pages.
The vulnerable versions are Citrix Workspace app for Windows prior to version 1904 and Receiver for Windows earlier than LTSR 4.9 CU6 version 4.9.6001.
Citrix provides patched versions for both Workspace and Receiver LTSR in their KB article. It is strongly recommended that customers upgrade Citrix Workspace app to version 1904 or later and Receiver for Windows to LTSR 4.9 CU6 version 4.9.6001 as soon as possible.
The new Citrix Workspace app version and LTSR version are available for download from the following locations:
Reubin is a Principal Technical Consultant at Ferroque and consults on Microsoft, VMware, Public Cloud (AWS, Azure), and Citrix infrastructure platforms with a specialized focus on FSLogix and AWS. Reubin’s specialization is digital workspace technologies with interests in scripting and web coding.