===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2052
     Vulnerabilities in Citrix Workspace app and Receiver for Windows
                               12 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Citrix Workspace App
                   Citrix Receiver for Windows
Publisher:         Citrix
Operating System:  Windows
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13885 CVE-2020-13884

Original Bulletin:
   https://support.citrix.com/article/CTX275460

--------------------------BEGIN INCLUDED TEXT--------------------

Vulnerabilities in Citrix Workspace app and Receiver for Windows

Reference: CTX275460
Category : High
Created  : 11 Jun 2020
Modified : 11 Jun 2020

Applicable Products

  o Receiver for Windows
  o Citrix Workspace App

Description of Problem

Vulnerabilities have been identified in Citrix Workspace app and Receiver
for Windows that could result in a local user escalating their privilege
level to administrator during the uninstallation process.

The issues have the following identifiers:

  o CVE-2020-13884
  o CVE-2020-13885

These vulnerabilities affect supported versions of Citrix Workspace app for
Windows before 1912 and all supported versions of Citrix Receiver for
Windows.

These vulnerabilities do not affect Citrix Workspace app and Receiver on any
other platforms.

What Customers Should Do

A new version of Citrix Workspace app for Windows has been released. Citrix
strongly recommends that customers upgrade Citrix Workspace app to version
1912 or later via Auto Update, or by directly running the installer.
Customers using Citrix Receiver are strongly recommended to upgrade to
Citrix Workspace app.

The new Citrix Workspace app version is available from the following Citrix
website location:

https://www.citrix.com/downloads/workspace-app/

The new LTSR version is available from the following Citrix website
location:

https://www.citrix.com/downloads/workspace-app/workspace-app-for-windows-long-term-service-release/workspace-app-for-windows-1912ltsr.html

Acknowledgements

Citrix would like to thank Andrew Hess for working with us to protect Citrix
customers.

Changelog

+--------------------------+--------------------------------------------------+
|Date                      |Change                                            |
+--------------------------+--------------------------------------------------+
|2020-06-11                |Initial Publication                               |
+--------------------------+--------------------------------------------------+

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the information
is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
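
An inventory check for the affected versions named in the bulletin above, added here as an example; it is not code from Citrix or AusCERT. It assumes the products register under the standard Windows Uninstall registry keys with a DisplayName containing "Citrix Receiver" or "Citrix Workspace", and that DisplayVersion is dotted YY.MM.x.y so that release 1912 reads as 19.12.

```powershell
# Added example: flag Citrix Receiver / Workspace app installs that the
# bulletin lists as affected (Receiver: all supported versions;
# Workspace app for Windows: before 1912).
# Assumption: DisplayVersion is dotted YY.MM.x.y, so release 1912 is 19.12.
# Confirm the mapping on one host with a known release before relying on it.

$FixedWorkspace = [version]'19.12'   # assumed encoding of release 1912

function Get-CitrixClientStatus {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [string] $DisplayVersion
    )
    $parsed = $null
    $hasVersion = [version]::TryParse($DisplayVersion, [ref]$parsed)

    if ($DisplayName -match 'Citrix Receiver') {
        # Every Receiver release is affected; the fix is to move to Workspace app.
        return 'AFFECTED (Receiver: upgrade to Citrix Workspace app)'
    }
    if ($DisplayName -match 'Citrix Workspace') {
        if (-not $hasVersion) { return 'UNKNOWN (version not parseable, check manually)' }
        if ($parsed -lt $FixedWorkspace) { return 'AFFECTED (Workspace app before 1912)' }
        return 'OK (1912 or later)'
    }
    return $null
}

# Standard per-machine Uninstall locations (64-bit and 32-bit registry views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Component sub-packages may also match the name filter; each is reported.
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Citrix (Receiver|Workspace)' } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Get-CitrixClientStatus -DisplayName $_.DisplayName -DisplayVersion $_.DisplayVersion
        }
    } | Sort-Object Name, Version -Unique | Format-Table -AutoSize
```

Hosts that report AFFECTED should be upgraded before the client is uninstalled or replaced, since the bulletin places the privilege escalation in the uninstallation process.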