OpenSSL vulnerabilities showing in Defender Dashboard

Jeff Thorne 50 Reputation points
2023-09-22T20:14:57.2433333+00:00

We have multiple devices showing up with OpenSSL vulnerabilities. It is detecting two dll files that it is flagging. Which they are libssl-3-x64.dll and libcrypto-3-x64.dll. It is flagging this for multiple different applications through out multiple devices. Some devices it's not the same application. Is defender showing a false negative of these vulnerabilities. If this are not false negatives then what is the process to update the dll files inside the applications?

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,428 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
216 questions
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
153 questions
{count} votes

10 answers

Sort by: Most helpful
  1. Sven 0 Reputation points
    2024-02-01T08:41:03.1633333+00:00

    In some product groups, there seems to be a misunderstanding about such an issue: Sometimes it's not about "does this vulnerability affect me?", but "how can I trust my security reporting?". Without updating the product to use the current version of openssl, I simply cannot install it any more on any of our devices. Also, Microsoft gets blamed for that, because they are deploying vulnerable code to our computers (it is completely unimportant whether the code is being used or not - it is there). Our security reporting is based on Defender Vulnerability Management. So, in this case Microsoft tells us to NOT use this software until it gets an update - in this case SSMS from Microsoft. PLEASE: when there is a vulnerability in a library you use: do NOT try to find out whether it will affect you or not - simply update. There is no legitimation for a known vulnerable library on a computer other than that there is currently no updated library available. But in this case, there is: simply update the library in your product.

    0 comments No comments

  2. Gawie Malan 0 Reputation points
    2024-03-12T12:17:06.0033333+00:00

    I have the same problem, however with different applications. Like Zoom and even some drivers showing up in this report. Has MS released a fix or answer for this yet?

    Screenshot 2024-03-11 131850


  3. Brock 0 Reputation points
    2024-04-03T21:29:26.2866667+00:00

    We're experiencing the same issue on our domain. Lots of these are in driver folders, updated in the last six months.

    0 comments No comments

  4. Ronald Bok 0 Reputation points
    2024-06-11T07:57:25.5033333+00:00

    I Got the same Issue. Strange thing it is on Onedrive I'm Not sure what the lastest version of ondrive is, becourse the version list on the Microsoft site is not up to date. But the Warning is on all version of onedrive. Here are some Exampels.

    c:\program files\microsoft onedrive\24.101.0519.0010\libcrypto-3-x64.dll

    c:\program files\microsoft onedrive\24.108.0528.0005\libcrypto-3-x64.dll

    c:\program files\microsoft onedrive\24.101.0519.0010\libssl-3-x64.dll

    c:\program files\microsoft onedrive\24.108.0528.0005\libssl-3-x64.dll


  5. Stephen Holder 0 Reputation points
    2024-10-03T11:34:05.5833333+00:00

    There is a similar issue with AutoDesk DWG Trueview (ADODIS).

    c:\program files\autodesk\adodis\v1\setup\cer\libcrypto-3-x64.dll (v3.0.13) generates a notification within the Defender Portal.

    I have upgraded to Trueview 2025, and this has updated the above dll to v3.0.14. I don't know if this will resolve the OpenSSL warning in Defender though.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.