Microsoft Defender detected that the libssl-3.dll and libcrypto-3.dll used by Azure Network Watcher Agent for Windows are outdated versions of OpenSSL

Question

Microsoft Defender detected that the libssl-3.dll and libcrypto-3.dll used by Azure Network Watcher Agent for Windows are outdated versions of OpenSSL

Josh Hsu 0

According to Microsoft Defender's exposed risk detection, CVE-2024-12797 and CVE-2024-13176 were identified as vulnerabilities related to outdated versions of OpenSSL. The risk was found in the following paths as reported:

Microsoft.Azure.NetworkWatcher.NetworkWatcherAgentWindows\1.4.3614.3\NetworkWatcherAgent\libcrypto-3-x64.dll

microsoft.azure.networkwatcher.networkwatcheragentwindows\1.4.3614.3\networkwatcheragent\libssl-3-x64.dll

Updating the Azure platform's Extensions and Applications to the latest version did not resolve the issue. User's image

User's image

Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-05-29T09:50:53.1233333+00:00

Hi Josh Hsu

I understand that you're running into an issue with Microsoft Defender flagging some outdated OpenSSL libraries (libssl-3.dll and libcrypto-3.dll) used by the Azure Network Watcher Agent for Windows.

Since updating the Azure platform's Extensions and Applications didn't resolve the issue for you, here are a few steps you can try:

Ensure that you're using the latest version of the Azure Network Watcher Agent. It may not automatically update, so downloading the latest version directly from the official Azure documentation can help. Look for any mention of security patches related to OpenSSL.

Double-check that there are no old or conflicting installations of the Azure Network Watcher Agent on your system that could be causing the outdated libraries to persist.

If you have access to the updated versions of libssl-3.dll and libcrypto-3.dll, consider backing up the current versions and replacing them manually. However, this approach should be done with caution, as it may affect the operation of the Azure services that depend on these libraries.

If you're still facing issues after trying these steps, it might be best to open a support ticket, on the Azure support page, select Get support for deeper investigation.

I hope this helpful.

Please add a comment below, incase if you have any questions.
Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-05-30T08:58:46.1566667+00:00

Hi Josh Hsu

Just checking in to see if above information was helpful. If you have any further updates on this issue, please let me know. Thank you
Per-Erik Broz 0 Reputation points

2025-06-02T10:50:31.4066667+00:00

This is a general issue with Microsoft products. OneDrive ships with 3.4.0 , Office ships with 3.0.13.0, and Fabric Gateway also has a older one. For the suggestion about manually upgrading, I would suggest fetching the one from OneDrive. Even though it may have vulnerabilities, it is quite new and signed by Microsoft.
Josh Hsu 0 Reputation points

2025-06-03T02:21:04.1033333+00:00

Hello, Shravan Addagatla, I have currently removed the NetworkWatcherAgentWindows extension from my system, as I couldn’t find any solution in the official Azure documentation. It seems we may have to wait for Microsoft to update the OpenSSL package within libssl-3.dll and libcrypto-3.dll to the latest version in order to resolve the issue.

Hello, Per-Erik Broz, Your method might work—I will find time to test it. However, for everything to function properly and securely, we still need Microsoft to release an updated version of the package with the latest OpenSSL to fully resolve the issue.

Thank you.
Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-06-03T10:07:17.97+00:00

Hi Josh Hsu,

If the above steps don't work for you and might be waiting for the Azure updates to fix the outdated OpenSSL packages. However, you have removed the extensions from the machines which was a good move. I would also suggest you share any ideas to our Azure product team for any enhancements. https://feedback.azure.com/d365community/forum/8ae9bf04-8326-ec11-b6e6-000d3a4f0789
nikize 6 Reputation points

2025-06-05T16:09:25.7366667+00:00

@Shravan Addagatla The issue isn't with defender reporting a vuln version of OpenSSL
The issue is that Microsoft don't provide updates of their vulnerable applications in a timely fashion.

However, it is an issue that Defender groups all OpenSSL related issues in one recommendation. What it should do is to attribute these to the using application, such as MS Paint, MS OneDrive, MS Office, Adobe Acrobat, Python and so on.
The same goes for detections of Python, where the actual product needing update comes from Oracle etc.

When will Microsoft fix these issues? Both in terms of providing updated applications without OpenSSL vulnerabilities, but also corrected attributions of which apps are vulnerable in defender?

1 answer

Your answer

Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-05-29T09:50:53.1233333+00:00

Hi Josh Hsu

I understand that you're running into an issue with Microsoft Defender flagging some outdated OpenSSL libraries (libssl-3.dll and libcrypto-3.dll) used by the Azure Network Watcher Agent for Windows.

Since updating the Azure platform's Extensions and Applications didn't resolve the issue for you, here are a few steps you can try:

Ensure that you're using the latest version of the Azure Network Watcher Agent. It may not automatically update, so downloading the latest version directly from the official Azure documentation can help. Look for any mention of security patches related to OpenSSL.

Double-check that there are no old or conflicting installations of the Azure Network Watcher Agent on your system that could be causing the outdated libraries to persist.

If you have access to the updated versions of libssl-3.dll and libcrypto-3.dll, consider backing up the current versions and replacing them manually. However, this approach should be done with caution, as it may affect the operation of the Azure services that depend on these libraries.

If you're still facing issues after trying these steps, it might be best to open a support ticket, on the Azure support page, select Get support for deeper investigation.

I hope this helpful.

Please add a comment below, incase if you have any questions.
Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-05-30T08:58:46.1566667+00:00

Hi Josh Hsu

Just checking in to see if above information was helpful. If you have any further updates on this issue, please let me know. Thank you
Per-Erik Broz 0 Reputation points

2025-06-02T10:50:31.4066667+00:00

This is a general issue with Microsoft products. OneDrive ships with 3.4.0 , Office ships with 3.0.13.0, and Fabric Gateway also has a older one. For the suggestion about manually upgrading, I would suggest fetching the one from OneDrive. Even though it may have vulnerabilities, it is quite new and signed by Microsoft.
Josh Hsu 0 Reputation points

2025-06-03T02:21:04.1033333+00:00

Hello, Shravan Addagatla, I have currently removed the NetworkWatcherAgentWindows extension from my system, as I couldn’t find any solution in the official Azure documentation. It seems we may have to wait for Microsoft to update the OpenSSL package within libssl-3.dll and libcrypto-3.dll to the latest version in order to resolve the issue.

Hello, Per-Erik Broz, Your method might work—I will find time to test it. However, for everything to function properly and securely, we still need Microsoft to release an updated version of the package with the latest OpenSSL to fully resolve the issue.

Thank you.
Shravan Addagatla 1,530 Reputation points Microsoft External Staff Moderator

2025-06-03T10:07:17.97+00:00

Hi Josh Hsu,

If the above steps don't work for you and might be waiting for the Azure updates to fix the outdated OpenSSL packages. However, you have removed the extensions from the machines which was a good move. I would also suggest you share any ideas to our Azure product team for any enhancements. https://feedback.azure.com/d365community/forum/8ae9bf04-8326-ec11-b6e6-000d3a4f0789
nikize 6 Reputation points

2025-06-05T16:09:25.7366667+00:00

@Shravan Addagatla The issue isn't with defender reporting a vuln version of OpenSSL
The issue is that Microsoft don't provide updates of their vulnerable applications in a timely fashion.

However, it is an issue that Defender groups all OpenSSL related issues in one recommendation. What it should do is to attribute these to the using application, such as MS Paint, MS OneDrive, MS Office, Adobe Acrobat, Python and so on.
The same goes for detections of Python, where the actual product needing update comes from Oracle etc.

When will Microsoft fix these issues? Both in terms of providing updated applications without OpenSSL vulnerabilities, but also corrected attributions of which apps are vulnerable in defender?

Answer 1

Josh Hsu hi, removing the extension was actually a smart move if u weren't actively using network watcher features. sometimes the simplest solution is just to yeet the problematic component until it's fixed, right? :))

u're spot on - the real permanent fix has to come from microsoft updating those openssl packages properly. no way around that. their security team is usually on top of these things, but yeah, the docs don't always keep up with these edge cases. classic microsoft moment %)

if u do wanna test the manual dll swap later, here's a quick safety tip: make sure to grab the openssl 3.x dlls from the official openssl site (none of those shady "dll download" portals, yikes!). and maybe snapshot your vm first, just in case things get weird )

meanwhile, since u've already uninstalled it, u might wanna check if any other azure services were depending on network watcher agent. sometimes it quietly does background stuff for other features. but hey, if everything's running fine without it, then no stress!

fingers crossed microsoft pushes that update soon. their azure team has been pretty responsive lately with security patches, so hopefully we'll see a fixed version pop up in the extension gallery before long. when it does, it'll probably show up here azure updates

keep me posted if u try the manual fix or when the official update drops! always curious how these things play out in real environments )) azure security adventures never get old, huh? :D
Best regards,

Alex

and "yes" if you would follow me at Q&A - personaly thx.
P.S. If my answer help to you, please Accept my answer
PPS That is my Answer and not a Comment

https://ctrlaltdel.blog/

Share via

Microsoft Defender detected that the libssl-3.dll and libcrypto-3.dll used by Azure Network Watcher Agent for Windows are outdated versions of OpenSSL

1 answer

Your answer