A patch has been released by VMware coinciding with Petrus Viet’s announcement. System owners can find all the necessary information for remediation on VMware’s knowledge base website here: https://kb.vmware.com/s/article/89096
In cases where the patch cannot be applied due to an organization’s risk assessment or inability to patch, VMware has also provided a temporary workaround. The workaround revolves around disabling all users except one provisioned administrator and logging in via SSH to restart the horizon-workspace service. It should be noted that VMware does not recommend using this workaround, and strongly encourages the patch to be applied instead stating:
“Workarounds do not remove the vulnerabilities from the environment, and almost always introduce additional complexities and technical debt that patching would not. These updates do not introduce new functionality or other changes beyond resolving these issues and should be a straightforward update in most environments. While the decision to patch or use the workaround is yours, VMware always strongly recommends patching as the simplest and most reliable way to resolve this type of issue.”

Information on the workaround can be found here: https://kb.vmware.com/s/article/88433

https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-patch-critical-auth-bypass-bug-immediately/