Blog Post

Microsoft Defender Vulnerability Management Blog

2 MIN READ

Reduce OpenSSL 3.0 vulnerabilities risks with Microsoft Defender Vulnerability Management

Microsoft

Nov 02, 2022

On November 1, 2022 the OpenSSL team published two high severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. Any OpenSSL versions between 3.0.0 and 3.0.6 are affected and the guidance is OpenSS...

Updated Nov 28, 2022

Version 5.0

Threat & Vulnerability Management

Linh_Hoang

Microsoft

Joined September 20, 2021

View Profile

Microsoft Defender Vulnerability Management Blog

Follow this blog board to get notified when there's new activity

Sudipa

Copper Contributor

Nov 10, 2022

We Microsoft 365 Defender for keeping on top of security, in the past few days we've been flagged an out-of-date version of OpenSSL within some files within Office 365:

c:\program files\microsoft office\root\office16\odbc drivers\salesforce\lib\libcurl64.dlla\openssl64.dlla\libcrypto-1_1-x64.dll

c:\program files\microsoft office\root\office16\odbc drivers\salesforce\lib\libcurl64.dlla\openssl64.dlla\libssl-1_1-x64.dll

c:\program files\microsoft office\root\office16\odbc drivers\salesforce\lib\openssl64.dlla\libcrypto-1_1-x64.dll

c:\program files\microsoft office\root\office16\odbc drivers\salesforce\lib\openssl64.dlla\libssl-1_1-x64.dll

It seems these are part of the Office 365 install as I do not see anywhere in Salesforce affected by this vulnerability, This is present in some 10% of the systems in the organization. In which version of office 365 it will be resolved ?