We're experiencing the same issue on our domain. Lots of these are in driver folders, updated in the last six months.
OpenSSL vulnerabilities showing in Defender Dashboard
We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting two dll files that it is flagging. Which they are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications through out multiple devices. Some devices it's not the same application. Is defender showing a false negative of these vulnerabilities. If this are not false negatives then what is the process to update the dll files inside the applications?
8 answers
Sort by: Most helpful
-
-
Julio Soza 0 Reputation points
2024-04-18T14:51:14.6833333+00:00 Hi Everyone,
As per my testing and research, I think this will be an ongoing vulnerability recommendation.
For example, Zoom addressed the vulnerability with OpenSSL 3.1.4 back in Jan 2024, screen capture below https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0068823
But, Microsoft reported the CVE-2024-2511 which says that multiple versions of OpenSSL still are impacted:
After some testing, I uninstalled Zoom and found that the vulnerability was gone, but Defender detected it again as Zoom as I reinstalled the latest version.
I did find the OpenSSL Recommendation helpful because there were apps and left over files that users in my organization where not using and were increasing the impact of this vulnerability, removing those specifics apps and files make the list shorter.
Hope my findings help you all.
-
Ronald Bok 0 Reputation points
2024-06-11T07:57:25.5033333+00:00 I Got the same Issue. Strange thing it is on Onedrive I'm Not sure what the lastest version of ondrive is, becourse the version list on the Microsoft site is not up to date. But the Warning is on all version of onedrive. Here are some Exampels.
c:\program files\microsoft onedrive\24.101.0519.0010\libcrypto-3-x64.dll
c:\program files\microsoft onedrive\24.108.0528.0005\libcrypto-3-x64.dll
c:\program files\microsoft onedrive\24.101.0519.0010\libssl-3-x64.dll
c:\program files\microsoft onedrive\24.108.0528.0005\libssl-3-x64.dll