
Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483


Mikael GENAUDEAU1709163664

Question

Hi,

 

CVE from today: Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483

 

https://support.citrix.com/article/CTX477616/citrix-virtual-apps-and-desktops-security-bulletin-for-cve202324483

 

This is unclear, from my side, I mean...

Is it recommended to update the VDA or the complete infra?

What about the old version 7.x?

Regards,

 

Mikael


7 answers to this question

21 hours ago, Carl Stalhood1709151912 said:

The article says that the VDA is vulnerable, so I assume that upgrading the VDA is sufficient.

 

Only 1912 and newer are supported by Citrix, so no fixes for older.

 

Carl, what about LTSR versions? 7.15 LTSR has extended support until 2027; is that version just not affected?


I've been advised by support (after they initially said that 7.15 CU would resolve this vuln) that to get a fix we would need to take out extended support at 100k or upgrade our environment.

 

Anyone know what is actually meant by the pre-condition on the vulnerability of 'Local access to a Windows VDA as a standard Windows user'? Does this mean the user would have to be logged on locally to the Windows Server that has the VDA installed on it and not actually through a Citrix session?


Did anyone get a definitive answer from Citrix regarding LTSR 7.15 (CU9) (EOES 15/8/28):

1 - Whether it's only the VDAs which need patching (and not the whole infrastructure (storefront, ddas etc))

2 - Whether CU9 (released 8/7/22) includes the patch?

3 - If CU9 doesn't include the patch, whether they are planning to release a security patch (I can't currently see one under LTSR 7.15 https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/) (I understand Citrix's plan is that they will release security patching for EOES products for users paying CSS after the EOL date for CVAD..)?
