Citrix Workspace app for Windows enables rights extension

Citrix warns of security vulnerabilities in Workspace app for Windows. They allow malicious actors to extend their rights to the SYSTEM level.

The Citrix developers discuss the vulnerabilities in a support article. The US IT security authority CISA also warns of the vulnerabilities and adds to the classification that attackers can take control of vulnerable systems.

Two privilege escalation vulnerabilities

Citrix only provides brief information about the vulnerabilities. Due to insufficient monitoring of a resource over its lifetime (CWE-664), local users with low rights can extend their rights to SYSTEM (CVE-2024-7889, CVSS 7.0, risk"high"). A second vulnerability is based on insufficient rights management (CWE-269) and also allows malicious actors with low rights to obtain SYSTEM rights (CVE-2024-7890, CVSS 5.4, medium).

Citrix Workspace app for Windows before version 2405 and the version with long-term support before 2402 LTSR CU1 are affected. Citrix recommends that IT administrators update to these or newer versions to close the security leaks. Admins will receive the updates via the channels known to them.

Citrix products are the focus of cybercriminals. At the end of last year, for example, the US provider Xfinity took 13 days to apply a patch against the security vulnerability known as "CitrixBleed". As a result, attackers were able to penetrate the leak and access the data of around 36 million customers. It is therefore advisable to install Citrix updates as soon as they are available.

Citrix last closed several security gaps in its products in July. These included one in the Netscaler Console, which was classified as a critical risk. In addition, there were further vulnerabilities classified as high-risk in other Citrix products.

(dmk)