Citrix fixes severe flaws in Workspace, Virtual Apps and Desktops
Citrix Systems has released security updates for vulnerabilities in its Virtual Apps and Desktops, and Workspace Apps products.
Citrix products are widely used by organizations worldwide, so it's critical to apply the available security updates to prevent intruders from having an easy way to escalate their privileges on breached systems.
Privilege escalation is a key stage in a broad range of cyberattacks, including cyber espionage and ransomware, as threat actors need to gain higher privileges to stealthily exfiltrate data, disable security software, or spread to other systems for ransomware attacks.
CVE-2023-24483: Improper privilege management flaw leading to privilege escalation to NT AUTHORITY\SYSTEM. Impacts Citrix Virtual Apps and Desktops before 2212, 2203 LTSR before CU2, and 1912 LTSR before CU6.
NT AUTHORITY\SYSTEM is the highest level of access privileges on Windows, and a user gaining that privilege can execute arbitrary code, access sensitive information, and modify system configurations without restrictions.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-16 | CVE-2023-24483 | Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops: A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. | 7.8 |