OpenSSL vulnerabilities showing in Defender Dashboard

Jeff Thorne 65 Reputation points
2023-09-22T20:14:57.2433333+00:00

We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting two dll files that it is flagging, which are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications throughout multiple devices. On some devices it's not the same application. Is Defender showing a false negative of these vulnerabilities? If these are not false negatives, then what is the process to update the dll files inside the applications?

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
Microsoft Security | Microsoft Defender | Microsoft Defender for Identity
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud Apps

11 answers

  1. Daniel Lizardo 0 Reputation points
    2025-05-13T20:44:33.08+00:00

    I'm encountering the same issue. I work as an engineer at an MSP, and part of my responsibilities includes reporting on the resolution of vulnerabilities, updates, and similar tasks. Every month, I face the recurring problem of certain vulnerabilities being flagged across various third-party and Microsoft products. The question I constantly get is, 'When will this be fixed?'

    The challenge is that many of these issues are outside of our control and are expected to be resolved by the vendors themselves. How can we be expected to fix something that only the vendor can address?

    Could you please advise on what steps we can take to remove or properly manage these flags in our reports?

