Update 3/5/2017: Teradici have released FW 5.5.1 to address this issue.
Earlier this month VMware Advisory VMSA-2017-008 was issued detailing a heap buffer-overflow vulnerability in, amongst other products, Horizon View. The recommended action for those on Horizon View 6.x was to patch to 6.2.4
However, those making use of Zero Clients in their environment should proceed with caution, there is a known issue that prevents users connecting from Teradici Zero clients to Horizon View 6.2.4 – this is currently being investigated by VMware and Teradici. You can implement workarounds to get it to work, but this would involve lowering your security position and this is not recommended! At this stage you should remain on 6.2.3 or 7.1.
I think this another reminder that full end to end testing should be carried out before implementing a patch in production. Full end to end is important that tests all scenarios is important as a typical upgrade in lab with a software client connecting in would not have picked this up. Also, it should go without saying, take all necessary backups and snapshots so you can rollback if necessary. And perhaps before implementation, checking the latest information from vendors and subscribing to their mailing lists can also help being caught unaware.
- “View Connection Server communication error” when attempt to connect using a Teradici Zero Client to Horizon View 6.2.4 (2149972)
- Teradici Community statement
- Teradici Community Post