Click 'Yes' through the prompts to reset the Workspace to Default. Select the option to 'Reset Citrix Workspace'. If you remember the JSON payload that was communicated over the pipe, hopefully you will recall the UpdateFileHash attribute that was submitted with the request. Reload Citrix Workspace (Epic Update 4.4.23): from the system tray (lower right-hand area of the computer), select the (up caret) icon. So, what did Citrix do to fix the previous vulnerability? I won’t dive into too much detail on the named pipe that Citrix Workspace uses to trigger software updates from the unprivileged Workspace app, as details for this can be found within the original blog post. You can find the updated Citrix security bulletin here. The core of the issue lies with a remote command line injection vulnerability that allows attackers to bypass Citrix signed MSI installers using a malicious MSI transform. Well, after some further investigation on the initial fix, I discovered a new vector that quite frankly should not exist at all since the previously reported vulnerability. (Citrix Workspace App) VERSION : 20.6.0.38 REVISION : A PASS : 1 DESCRIPTION : Citrix Workspace App is the easy-to-install client software that provides. Back in July I documented a new Citrix Workspace vulnerability that allowed attackers to remotely execute arbitrary commands under the SYSTEM account.