888.624.6737

syse-blog-header

SECURITY ALERT: Citrix Virtual Apps and Desktops Vulnerability

February 20, 2023 | Posted in:

Security Bulletins & Alerts

Systems Engineering is aware of the major security flaw affecting Citrix Virtual Apps and Desktops: CVE-2023-24483.

The vulnerability's severity is rated as HIGH.

Description

A vulnerability has been identified in Citrix Virtual Apps and Desktops platforms that give standard users elevated or administrative privileges when on affected systems. Increased privileges could result in unintended modifications to an environment that lead to network disruptions, downtime, or compromise.

Scope

The following Citrix Virtual Apps and Desktops, formerly XenApp and XenDesktop, versions are affected: 

  • 2212 Long Term Service Release (LTSR)
  • 2203 LTSR before CU2 
  • 1912 LTSR before CU6 

Course of Action

Currently, no known security patches or workarounds are available for this flaw.

In conjunction with Citrix recommendations, Systems Engineering strongly advises clients to upgrade to a version of Citrix Virtual Apps and Desktops that contains the fixes.

  • If you are a managed services client of Systems Engineering with an affected system, your Account Manager will reach out to talk about next steps.
  • For all other clients or any business with affected systems, we recommend upgrading your environment as soon as possible.

In the meantime, security measures, like Multi-Factor Authentication, will reduce the chance that hackers will penetrate your environment and compromise your network due to this vulnerability.

When security flaws are identified, timely remediation will keep your organization safe from cybercriminals eager to exploit the vulnerability. Acting on the information will also help you adhere to cyber liability insurance requirements and comply with state or industry regulations.


If you are a Systems Engineering client with questions about this security alert, please contact your Account Manager.

For more information about Systems Engineering's managed security solutions, visit systemsengineering.com/security or call us at 888.624.6737.