Research outfit Pen Test Partners has uncovered a vulnerability in Citrix Workspace potentially allowing a privilege escalation to lead to full remote compromise of the host machine.
The flaw, CVE-2020-8207 (not yet reserved at the time of publication), sees Workspace's automatic update feature abused to gain access to a vulnerable Workspace installation, with the attack vector being a named pipe.
The hole has been patched and users of Citrix Workspace should install the latest version (2006.1 or 1912 LTSR CU1) sooner rather than later.
While Citrix asserted that the vuln only affects Workspace installations installed by either a local or domain admin (and not a bog-standard ..
Support the originator by clicking the read the rest link below.
