OpenSSL vulnerabilities showing in Defender Dashboard

Jeff Thorne 65 Reputation points
2023-09-22T20:14:57.2433333+00:00

We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting and flagging two DLL files, libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications throughout multiple devices. On some devices it's not the same application. Is Defender showing a false negative for these vulnerabilities? If these are not false negatives, what is the process to update the DLL files inside the applications?

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
Microsoft Security | Microsoft Defender | Microsoft Defender for Identity
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud Apps

11 answers

  1. Gary I 5 Reputation points
    2024-09-06T02:17:46.5566667+00:00

    I have been researching this again today (having had this issue for months) and found the following: OpenSSL are aware of the issues that are raised in CVE-2024-2511 but consider it low severity and won't be addressing it anytime soon:

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
    clients.
    
    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
    1.0.2 is also not affected by this issue.
    
    OpenSSL 3.2, 3.1, 3.0, 1.1.1 are vulnerable to this issue.
    
    OpenSSL 3.2 users should upgrade to OpenSSL 3.2.2 once it is released.
    
    OpenSSL 3.1 users should upgrade to OpenSSL 3.1.6 once it is released.
    
    OpenSSL 3.0 users should upgrade to OpenSSL 3.0.14 once it is released.
    
    OpenSSL 1.1.1 users should upgrade to OpenSSL 1.1.1y once it is released
    (premium support customers only).
    
    Due to the low severity of this issue we are not issuing new releases of
    OpenSSL at this time. The fix will be included in the next releases when they
    become available. The fix is also available in commit e9d7083e (for 3.2),
    commit 7e4d731b (for 3.1) and commit b52867a9 (for 3.0) in the OpenSSL git
    repository. It is available to premium support customers in commit
    5f8d2577 (for 1.1.1).
    
    

    Source: https://openssl-library.org/news/secadv/20240408.txt

    This was dated 8 April 2024.

    It doesn't matter what Zoom or PowerBI or anyone do, CVE-2024-2511 will be around until OpenSSL address the weaknesses in those specific libraries.

    If you have Zoom, update to version 6.1.0 or above to address OpenSSL flaws except CVE-2024-2511 and CVE-2024-4603, which don't affect clients:


    Source: https://devforum.zoom.us/t/zoom-5-6-10-vulnerabilities-with-openssl-dll-need-version-3-1-5/98806/78?page=4

    1 person found this answer helpful.
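
A triage check for the two DLLs discussed in this thread, added here as an example; it was not posted by any participant and is not Microsoft or OpenSSL code. It inventories bundled copies of `libssl-3*.dll` and `libcrypto-3*.dll` and compares each file version with the per-branch fixed versions named in the advisory quoted above. The function name, status labels and search root are assumptions.

```powershell
# Added example. Fixed versions are the ones named in the OpenSSL advisory
# of 8 April 2024 quoted above (CVE-2024-2511); nothing else is assumed fixed.
function Get-OpenSslDllStatus {
    param(
        # Assumption: search root; add driver or per-user folders as needed.
        [string[]]$Root = @($env:ProgramFiles)
    )
    $fixedIn = @{
        '3.0' = [version]'3.0.14'
        '3.1' = [version]'3.1.6'
        '3.2' = [version]'3.2.2'
    }
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue `
        -Include 'libssl-3*.dll', 'libcrypto-3*.dll' |
    ForEach-Object {
        # Numeric parts of the version resource, e.g. 3.0.13 -> 3, 0, 13.
        $vi = $_.VersionInfo
        $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
        $branch = '{0}.{1}' -f $ver.Major, $ver.Minor
        $status = if ($ver.Major -eq 0) {
            'NoVersionResource'          # cannot be judged from metadata
        } elseif (-not $fixedIn.ContainsKey($branch)) {
            'BranchNotInAdvisory'        # e.g. a newer 3.x branch
        } elseif ($ver -ge $fixedIn[$branch]) {
            'AtOrAboveFixedVersion'
        } else {
            'BelowFixedVersion'
        }
        [pscustomobject]@{
            Status      = $status
            FileVersion = $ver.ToString()
            FixedIn     = $fixedIn[$branch]
            Path        = $_.FullName
        }
    }
}

Get-OpenSslDllStatus | Sort-Object Status, Path | Format-Table -AutoSize
```

The `Path` column identifies which application ships each copy. The quoted advisory states that this issue affects only TLS servers supporting TLSv1.3, which is worth recording beside any `BelowFixedVersion` row.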

  2. Dinesh Admin 20 Reputation points
    2023-12-01T06:11:15.68+00:00

    @Givary-MSFT I have the same problem on our Defender portal, and OpenSSL can't be updated in Windows apps. Please find the screenshot below.

    I think this is a wrong recommendation.


  3. Gawie Malan 0 Reputation points
    2024-03-12T12:17:06.0033333+00:00

    I have the same problem, however with different applications, like Zoom, and even some drivers showing up in this report. Has MS released a fix or answer for this yet?


  4. Brock 0 Reputation points
    2024-04-03T21:29:26.2866667+00:00

    We're experiencing the same issue on our domain. Lots of these are in driver folders, updated in the last six months.


  5. Stephen Holder 0 Reputation points
    2024-10-03T11:34:05.5833333+00:00

    There is a similar issue with AutoDesk DWG Trueview (ADODIS).

    c:\program files\autodesk\adodis\v1\setup\cer\libcrypto-3-x64.dll (v3.0.13) generates a notification within the Defender Portal.

    I have upgraded to Trueview 2025, and this has updated the above dll to v3.0.14. I don't know if this will resolve the OpenSSL warning in Defender though.

