If we chose to use something like FSLogix App Masking, for instance, we’d actually need both client versions installed alongside each other to make it work, and this wasn’t possible. After all, Citrix Receiver and Workspace App are essentially the same application, and therefore would share Registry keys and filesystem entries. So I was asked the question – can we run different Citrix client versions from the same image for different sets of users?Īt first thought, this seemed pretty impossible. Also, being a Citrix Cloud environment, silos potentially also meant that siloed servers could end up running with very low user density, which would increase the overall cost of the solution for business units which needed to use the older client version. Of course we could just spin up a silo of servers that had the old Receiver version installed and tie those users to those instances, but this was an environment that was running from a single image and had no wishes to start expanding that number. Whilst we can all say “well they need to remediate their old infrastructure”, many of you well know that getting large-scale remediations underway in enterprise environments can be very challenging. They had a small number of users (probably ~5% or so) that still needed to launch some applications from an older Citrix farm which required a downstream version of the client (Receiver 4.9 LTSR, to be precise). This is a binary planting vulnerability and, whilst not allowing remote code execution per se, is still something that people would look to be patching sooner rather than later.Ī customer of mine (who are very security-conscious) were looking to get this addressed as soon as possible, but there was a snag. This week Citrix publicized some vulnerabilities in their Workspace App and Receiver clients that potentially would allow an attacker to elevate their privileges. Is it possible to use two Citrix client versions in one image? Actually – yes! The problem
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |