Jump to content
Welcome to our new Citrix community!
  • 0

CVAD Security Update - CVE-2021-22928, Required version


4 answers to this question

Recommended Posts

  • 0

I'd also like to know the answer to this.   The CTX article (CTX319750) doesn't clearly articulate what is required, just that 1912 CU3 and earlier are vulnerable.   I think I will power up a master image and install what looks like the correct fix, and push it to a test catalog and see what happens.


It would be handy if Citrix could release some details as to what to look for to see if your systems are vulnerable.   We don't use Citrix profile management (we use FSlogix instead) so it's not very clear currently if we need to patch or not.

Link to comment
  • 0

It should work with CU1, as it is a standalone version of the entire UPM package. However I advice against the 1912 CU3 version of the fix as it currently breaks Outlook.


"Known issues
With the Citrix Profile Management 1912 CU3 hotfix installed, Outlook is unable to launch. [UPM-3602]
As a workaround, replace the UpmOutlookHook.dll, UpmOutlookHook64.dll and UpmSearchSvcHook.dll binaries with ones from a non-patched VDA."

Link to comment
  • 0

That's odd - I have just tested and can launch Outlook no problem.   Is this perhaps an issue when actually using Citrix UPM, to manage user profiles?   As mentioned, we use FSLogix for user profiles, including Outlook cache, and only have this installed as it's recommended when installing the VDA initially.


EDIT - just seen that there is a new version of the updates published, which that listed as a known issue.   Whilst I'm currently using the older one, it seems as though this issue is probably resolved now.  I will test with the new version.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...