Set all FileSecurityPermission to 0, which means No Access (See CTX133565 for further details)
And
Set InstantiatedSecurityPolicyEditabledefault to false (See CTX128792 for further details)
Note: Restarting Citrix Workspace app and Receiver is not sufficient to apply the changes, the operating system must be rebooted.
What Customers Should Do
A new version of Citrix Workspace app and Receiver for Windows has been released. Citrix strongly recommends that customers upgrade Citrix Workspace app to version 1904 or later and Receiver for Windows to LTSR 4.9 CU6 version 4.9.6001.
The new Citrix Workspace app version is available from the following Citrix website location:
The new LTSR version is available from the following Citrix website location:
Single Sign-on (SSO) could stop working, after applying the security update, for browsers other than Internet Explorer unless explicitly configured. Use the following documentation to ensure proper configuration post fix installation:
Acknowledgements
Citrix thanks Ollie Whitehouse, Richard Warren and Martin Hill of NCC Group for working with us to protect Citrix customers.
What Citrix Is Doing
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.
Obtaining Support on This Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html.
Reporting Security Vulnerabilities
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix
Changelog
| Date | Change |
| 13th May 2019 | Initial publishing |
| 17th May 2019 | Clarified affected version statement |
| 24th May 2019 | Added 'Mitigating Factors' section |
Download Citrix Workspace App 2002
Per-Machine setting:
Type: REG_SZ
Name: TransparentKeyPassthrough
Value: Remote
Type: REG_SZ
Name: TransparentKeyPassthrough
Value: Remote
Type: REG_SZ
Name: TransparentKeyPassthrough
Value: Remote
**Note: You have to exit Citrix Workspace App / Citrix Receiver and launch it again for this change to take effect.
- Hit the following keys: 'Option+ Tab'.
Citrix Workspace App Windows
On Linux there are no required settings that need to be changed to allow this behavior.
If the expected behavior of switching between applications/windows within a Citrix Desktop Session is not occurring, please follow these steps:
- Open terminal and navigate to the following location:
- /etc/icaclient/config/All_Regions.ini
- Edit the .ini file with your preferred editor
- ex. nano All_Regions.ini
- Find the following line within the file and update it to 'Remote' after the equal sign:
- TransparentKeyPassthrough =Remote
- Exit Citrix Workspace App or Citrix Receiver and launch it again
- Go into full screen mode on your Citrix Desktop Session:
- Proceed to switch between applications/windows using 'Alt+Tab'
- Within a windowed session try the following key combination to:
- Proceed to switch between applications/windows using 'Alt+PageUp'
Problem Cause
Additional Resources
Understanding Keyboard Input To Virtual Desktops
By default, when you use a virtual desktop all key presses are directed to it (not the local computer) with the following exceptions:
- Windows logo key+L is directed to the local computer.
- CTRL+ALT+DELETE is directed to the local computer except in some cases if you use the Citrix Desktop Lock.
- Key presses that activate StickyKeys, FilterKeys, and ToggleKeys (Microsoft accessibility features) are normally directed to the local computer.
- As an accessibility feature of the Desktop Viewer, pressing CTRL+ALT+BREAK displays the Desktop Viewer toolbar buttons in a pop-up window.
- Windows key combinations (for example, CTRL+ESC and ALT+TAB) are directed according to the settings that your help desk has selected.
Note: By default, if the Desktop Viewer is maximized, ALT+TAB switches focus between windows inside the session. If the Desktop Viewer is displayed in a window, ALT+TAB switches focus between windows outside the session.
Hotkey sequences are key combinations designed by Citrix. For example, the CTRL+F1 sequence reproduces CTRL+ALT+DELETE, and SHIFT+F2 switches applications between full-screen and windowed mode. You can use hotkey sequences with virtual desktops in many, but not all, setups. For example, they work with your hosted applications.
Disclaimer