Citrix Virtual Apps and Desktops Security Update

Jeff Silverman

Issue

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could potentially allow a Windows VDA user to escalate their privilege level on that VDA to SYSTEM (CVE-2021-22928).

Mitigating Factors

The vulnerability only applies to VDAs that have either Citrix Profile Management or the Citrix Profile Management WMI plug-in installed. Note that in environments where FSLogix is used for profile management, the VDA typically still has Citrix Profile Management and the Citrix Profile Management WMI plug-in installed, as these components are necessary to drive some statistics in Director (e.g. logon duration).
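
To confirm whether a given VDA falls under this condition, the following added example (not from Citrix or the original article) lists the installed components on the local machine. It assumes both components register in the standard Windows uninstall registry keys with display names containing "Citrix" and "Profile Management"; the function name is hypothetical.

```powershell
# Added example: inventory check for the components named under "Mitigating Factors".
# Assumption: display names contain "Citrix" and "Profile Management" (e.g. the
# WMI plug-in also contains "WMI"). Adjust the patterns if your build names differ.

function Get-CitrixProfileComponent {
    [CmdletBinding()]
    param(
        # Standard 64-bit and 32-bit (WOW6432Node) uninstall registry locations.
        [string[]]$UninstallPath = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        )
    )

    Get-ItemProperty -Path $UninstallPath -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Citrix*Profile Management*' } |
        ForEach-Object {
            [pscustomobject]@{
                ComputerName = $env:COMPUTERNAME
                Component    = $_.DisplayName
                Version      = $_.DisplayVersion
                IsWmiPlugin  = ($_.DisplayName -like '*WMI*')
            }
        }
}

# Check installed components, not which profile solution is in use:
# a VDA using FSLogix typically still has both components installed.
$found = @(Get-CitrixProfileComponent)

if ($found.Count -eq 0) {
    '{0}: no Citrix Profile Management component found.' -f $env:COMPUTERNAME
} else {
    '{0}: {1} component(s) found; compare the VDA version with the affected versions list.' -f `
        $env:COMPUTERNAME, $found.Count
    $found | Sort-Object Component | Format-Table -AutoSize
}
```

The script only reports presence and version; whether the hotfix is already applied has to be checked against the Citrix bulletin for the VDA release in use.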

Affected Versions

  • Citrix Virtual Apps and Desktops 2106 and earlier
  • Citrix Virtual Apps and Desktops 1912 LTSR CU3 and earlier
  • Citrix Virtual Apps and Desktops 7.15 LTSR CU7 and earlier

Recommended Action

Citrix recommends applying the applicable hotfix to affected VDAs as soon as possible.

More Information

You can read more about the issue here or reach out to our team if you would like professional assistance.