CVE-2024-13176 Openssl Vulnerability in Azure CLI

I believe it ay related to the below:

• The Azure CLI installer may not yet include the patched versions of OpenSSL (e.g., 3.0.150 or later).
• Microsoft Defender for Cloud and other tools detect the version of these DLLs directly, regardless of CLI version.
• The vulnerability may also exist in Azure extensions or agents, such as the Network Watcher Agent, which use their own copies of OpenSSL.

Please further check:

1. DLL Versions:
• Navigate to the Azure CLI install directory and inspect libssl-3.dll and libcrypto-3.dll.
• If they are older than 3.0.150, they may still be vulnerable.
2. Monitor GitHub Issues:
• Microsoft is tracking this on Azure CLI GitHub.
3. Report to Microsoft Defender Team:
• If you're using Defender for Endpoint or Defender for Cloud, submit a false positive or request clarification through the portal.
4. Use Wordaround with External OpenSSL:
• Manually replace the DLLs with patched versions from OpenSSL.org but this is not officially supported and may break CLI functionality.