- Citrix Workspace App 1912 For Mac
- Citrix Workspace App 1912
- Citrix Workspace App 1912 For Windows
- Citrix Workspace App 1912 Cu3
- Citrix Workspace Ltsr Cu3
I updated Citrix workspace app from 1909 to 1912 on some machines that also had Citrix Virtual apps and Desktops (for remote workers). Some users that use Citrix Remote PC (Citrix Virtual Apps and Desktops 1912) are no longer able to connect to their machines. Remote PC appears to want to launch but then just disappears. Version 1912 is the first Long Term Service Release (LTSR) of Citrix Workspace app for Windows. The documentation for the Current Release (CR) version of Citrix Workspace app for Windows is available at Citrix Workspace app for Windows. For more information about the lifecycles of CRs and LTSRs, see Lifecycle Milestones for Citrix Workspace app. When the Receiver is upgraded from 4.9.6001 to Workspace App for Windows 1912 or 2006, on the first launch of a published app, the shortcuts from their Desktop are removed. Solution This is expected behavior due to a design change. Current Description. Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. The Citrix Virtual Apps and Desktops 7 1912 Long-Term Service Release (LTSR) is now available for download. This LTSR brings two years’ worth of new functionality and feature enhancements to customers currently running 7.15 LTSR and gives our Current Release (CR) customers a chance to take advantage of all the latest updates.
The Citrix Virtual Apps and Desktops 7 1912 Long-Term Service Release (LTSR) is now available for download. This LTSR brings two years’ worth of new functionality and feature enhancements to customers currently running 7.15 LTSR and gives our Current Release (CR) customers a chance to take advantage of all the latest updates.
The LTSR Process
An LTSR release comes along once every few years. The Citrix Virtual Apps and Desktops LTSR track is targeted at customers with production environments who prefer to stay on the same version of the product for an extended period of time. The LTSR program offers up to 10 years of support, so administrators have plenty of time to plan, test, and deploy their environments. I discussed the benefits and deployment options in more detail in our LTSR prep blog.
Of course, if you are a CR customer, 1912 is still an important update for you; it’s the natural successor to Citrix Virtual Apps and Desktops 1909 in our CR cadence. Citrix have dozens of new features and improvements bundled in to keep your environments up to date!
What’s New?
If you’re currently on the LTSR track, you have more two years of feature updates since the 7.15 release to catch up on! If it has been a while since you took a look at our new releases, our feature matrix is a good place to start and see what you might have missed.
Additionally, Citrix delivered a lot of great content for your holiday reading. Here are some resources to help bring you up to date on everything this release has to offer:
- Top 10 reasons to upgrade to LTSR 1912 — Nick Rintalan, Principal Architect with Citrix Consulting Services and a certified expert in all things Citrix, gives a detailed overview of some of the most meaningful changes in functionality since the 7.15 LTSR.
- HDX Optimizations for Microsoft Teams — Only Citrix has a solution for virtualizing Microsoft Teams (and Skype for Business!), giving admins the benefits of centralized management while delivering to users a high-performing interactive solution. In this post, Product Manager Fernando Klurfan talks about our new Teams optimization, which applies to both CR and LTSR customers.
- User Personalization Layers — Like the simplicity of non-persistent environments but need user customization? User Personalization Layers persist user settings and applications in a separate, writeable layer that is attached when the user logs in. Dan Lazar, App Layering Product Manager, goes into detail on this new functionality, which is integrated into the VDA and Citrix Studio.
- HDX improvements — Miguel Contreras from our Product Management team does a deep dive on recent HDX improvements and updates to the VDA and delivers tips for deployment and upgrades.
Next Steps
Want to get a head start on the new year? Download the Citrix Virtual Apps and Desktops 7 1912 LTSR and start rolling it out to your pre-production environments today.
This vulnerability does not affect Citrix Workspace app on any other platforms or any supported versions of Citrix Receiver.
Mitigating Factors
This vulnerability only exists if Citrix Workspace app was installed using an account with local or domain administrator privileges. It does not exist when a standard Windows user installed Citrix Workspace app for Windows.
A remote compromise is only possible when the user has enabled Windows file sharing (SMB) and only when the updater service is running. If authentication is required for SMB then an attacker must be able to authenticate before they could exploit this issue.
Users with automatic updates enabled and applied should have already been updated to a fixed version.
What Customers Should Do
The issue has been addressed in the following versions of Citrix Workspace app for Windows:
- Citrix Workspace App 2008 or later
- Citrix Workspace App 1912 LTSR CU1 Hotfix 1 (19.12.1001) and later cumulative updates
Note that these versions have been updated since the original publication of this bulletin.
Citrix strongly recommends that customers check if the version they are running has been automatically updated and, if necessary, upgrade to a fixed version as soon as possible.
Citrix Workspace App 1912 For Mac
The latest version of Citrix Workspace app for Windows is available from the following Citrix website location:
The latest LTSR version of Citrix Workspace app for Windows is available from the following Citrix website location:
Acknowledgements
Citrix would like to thank Ceri Coburn at Pen Test Partners for working with us to protect Citrix customers during both the initial disclosure of this issue and subsequent variants.
Citrix Workspace App 1912
What Citrix Is Doing
Citrix Workspace App 1912 For Windows
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.
Citrix Workspace App 1912 Cu3
Obtaining Support on This Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html.
Reporting Security Vulnerabilities
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please visit the Citrix Trust Center at https://www.citrix.com/about/trust-center/vulnerability-process.html.
Changelog
Citrix Workspace Ltsr Cu3
| Date | Change |
| 2020-07-21 | Initial Publication |
| 2020-09-08 | Revision of fixed versions |