- On the Citrix online store, you can buy Citrix Workspace, App Delivery & Security products, or learn about our products, subscriptions and request a quote. Download Citrix Workspace app Citrix Workspace app is the easy-to-install client software that provides seamless secure access to everything you need to get work done.
- With this release, Citrix Workspace app introduces an option to disable the storing of authentication tokens on the local disk. For enhanced security, we now provide a Group Policy Object (GPO) policy to configure the authentication token storage. Microsoft Teams enhancements 4. The VP9 video codec is now disabled by default.
- Receiver
To resolve this issue, download the Receiver auto-update fix located in the latest downloads page.
- Windows - https://www.citrix.com/downloads/citrix-receiver/windows/receiver-for-windows-latest.html
- Mac - https://www.citrix.com/downloads/citrix-receiver/mac/receiver-for-mac-latest.html
Applicable Product Versions:
- Receiver for Windows: 4.8, 4.9, 4.9 LTSR CU1, 4.9 LTSR CU2, 4.10, 4.11
- Receiver for Mac: 12.6, 12.7, 12.8.1, 12.9
Symptoms or Error
Citrix Receiver Updater service stopped working due to a certificate issue at the Receiver Updater Service infrastructure. Due to this issue, automatic update checks will fail silently and you will not be prompted to install a new version of Receiver when it becomes available.
Also, when manually checking for updates with Receiver for Windows, you may see a dialog indicating that there was an error checking for updates:
A similar error message may be seen with Receiver for Mac:
This issue occurs with both automatic and manual update checks. Automatic update checks will fail silently.
Solution
To resolve this issue, download the Receiver auto-update fix located in the latest downloads page.
- Windows - https://www.citrix.com/downloads/citrix-receiver/windows/receiver-for-windows-latest.html
- Mac - https://www.citrix.com/downloads/citrix-receiver/mac/receiver-for-mac-latest.html
Problem Cause
A TLS certificate was recently renewed and replaced on the Receiver Updates Service infrastructure. This certificate change prevents Receiver for Windows and Receiver for Mac from being able to successfully check for updates.
Description of Problem
A vulnerability has been identified that could result in a local user escalating their privilege level to SYSTEM on the computer running Citrix Workspace app for Windows.The vulnerability has the following identifier:
| CVE ID | Description | Vulnerability Type | Pre-conditions |
| CVE-2021-22907 | Local privilege Escalation | CWE-284: Improper Access Control | Local user access to a system where Citrix Workspace App for Windows has been installed by an account with administrator privileges |
This vulnerability affects all supported versions of Citrix Workspace app for Windows but does not affect Citrix Workspace app on any other platforms. Citrix Workspace app downloaded from Windows Store is also not affected by this issue.
Mitigating Factors
Citrix Workspace App 2107 For Windows - Citrix
This vulnerability only exists if Citrix Workspace app was installed using an account with local or domain administrator privileges. It does not exist when a standard Windows user installed Citrix Workspace app for Windows.Users with automatic updates enabled will automatically be updated to a fixed version.
What Customers Should Do
The issue has been addressed in the following versions of Citrix Workspace app for Windows:- Citrix Workspace App 2105 and later
- Citrix Workspace App 1912 LTSR CU4 and later cumulative updates
The latest version of Citrix Workspace app for Windows is available from the following Citrix website location:
https://www.citrix.com/downloads/workspace-app/windows/
The latest LTSR version of Citrix Workspace app for Windows is available from the following Citrix website location:
https://www.citrix.com/downloads/workspace-app/workspace-app-for-windows-long-term-service-release/.
Acknowledgements
Citrix would like to thank Sai Cheng of Syclover Security Team for working with us to protect Citrix customers.
What Citrix Is Doing
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.Obtaining Support on This Issue
Citrix Workspace App 2107 For Mac - Citrix
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/en-gb/support/open-a-support-case/.Citrix Receiver Updates Troubleshooting Guide
Reporting Security Vulnerabilities to Citrix
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please see the following webpage: – https://www.citrix.com/about/trust-center/vulnerability-process.htmlDisclaimer
This document is provided on an 'as is' basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. Citrix reserves the right to change or update this document at any time.Changelog
| Date | Change |
| 2021-05-11 | Initial Publication |
| 2021-05-11 | CVE ID Corrected |
| 2021-05-18 | Acknowledgements amended. Added clarification that versions installed by using an account with administrator privileges are vulnerable |
| 2021-05-19 | Added clarification that Citrix Workspace App in Windows Store |