[German]Another addendum from this week regarding the manufacturer Citrix. Citrix has issued a security bulletin for the vulnerabilities CVE-2023-24484 and CVE-2023-24485 in the Citrix Workspace App for Windows. So administrators using the Workspace app should update. In addition, a blog reader alerted me about issues with installing the Citrix Workspace App 2302 for Windows. I'll summarize these two issues in one article.
Advertising
Citrix Security Bulletin
I had already come across the security bulletin dated February 14, 2023 for the vulnerabilities CVE-2023-24484 and CVE-2023-24485 in the Citrix Workspace App for Windows on Twitter via the following tweet by Thorsten E.
Among the named CVEs, vulnerabilities allow an attacker with normal user privileges to gain SYSTEM privileges through the Citrix Workspace application. The vulnerability affects the following supported versions of Citrix Workspace App for Windows:
- Citrix Workspace App versions prior to 2212.
- Citrix Workspace App 2203 LTSR before CU2
- Citrix Workspace App 1912 LTSR before CU7 Hotfix 2 (19.12.7002)
If automatic updating is enabled, systems will receive a patch that closes these vulnerabilities. Citrix administrators should install the updates promptly, the manufacturer advises. Details can be found in Security Bulletin CTX477617 (Citrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485).
Blog reader Christian R. emailed me to point out more security bulletins from Citrix (thanks for that). He wrote:
Advertising
Citrix released some security vulnerabilities in its products on Feb. 14, 2023
Betroffen ist die Workspace App (Linux+Windows) und die Serverkomponente, der Citrix VDA:
All security bulletins are dated February 14, 2023 and hold the details you need.
Installation issues with Citrix Workspace App 2302
German blog reader Dominique H. emailed me this morning to alert me to an installation issue with Citrix Workspace App 2302 (thanks for that) and writes:
Dear Mr. Born,
we have been trying to install the Citrix Workspace App 2302 for Windows since yesterday.
Unfortunately, there must have been some kind of error in the installation file CitrixWorkspaceApp.exe.
The installation routine runs without problems, but the *.ica files are not linked to the Workspace App and there is no Citrix Workspace in the Windows autostart.
We have tested this exclusively under Windows 11 22H2 and Windows 10 21H2.
Citrix Workspace App 2302 is described in this Citrix post. Carl Stalhood has also posted notes about the app here.
Die Citrix Workspace App 2302 ist in diesem Citrix-Beitrag beschrieben. Carl Stalhood hat hier ebenfalls Hinweise zur App gepostet.
Back on February 3, 2023, a post Citrix Workspace 2302 install failing was posted in the Citrix user forum about the installation problem. The problem could be solved by deleting the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix
However, I have not encountered the problem described by Dominique H. yet. Does anyone from the readership have the error or even know a solution?
Advertising