Forum Discussion
Update OpenSSL recommendation
sumo83
This is messy - and I feel your pain.
I determined most of my affected versions were in c:\Program Files\....
Git was one, some of the ones you listed and some of the ones listed in one of the other references.
I downloaded the most current version of OpenSSL for Windows using version 3.1.4 and copied out the libcrypto and libssl files into a separate folder.
15204 | 2023-Oct-24 13:59:15 | https://www.openssl.org/source/openssl-3.1.4.tar.gz (https://www.openssl.org/source/openssl-3.1.4.tar.gz.sha256) (https://www.openssl.org/source/openssl-3.1.4.tar.gz.asc) (https://www.openssl.org/source/openssl-3.1.4.tar.gz.sha1) |
and then did a basic PowerShell script to locate and replace all of the out of date libcrypto-3 and libssl-3 versions.
Since MS puts special permissions on the PowerBI desktop directory, it failed to update those. Have to do further work there. I don't have the option to remove some or most of these applications.
I need to develop a tweak for Zoom with the customized file naming.
I did not include appdata locations, looks like I need to address those.
However, as soon as the script ran, 3.1.4 now shows as vulnerable.
In addition, my script does not account for if the files are in use and skips that directory. I guess I should set this up to run at startup somehow.
I then found machines with the 32 bit versions as well.
Also note that OpenSSL 1.x is no longer supported and needs to be replaced. Not sure where to even get started there, other than to keep patching the applications that use OpenSSL as dependencies until they catch up.
This is just one machine -
c:\program files\dell\dell peripheral manager\libcrypto-1_1-x64.dll
c:\program files\microsoft onedrive\23.226.1031.0003\libcrypto-1_1-x64.dll
%userprofile%\appdata\local\programs\cisco spark\dependencies\libcrypto-1_1-x64.dll
%userprofile%\appdata\local\webex\wbxcache\webexdelta\x64\43.10.1-9\meetings\libcrypto-1_1-x64.dll
%userprofile%\appdata\local\webex\wbxcache\webexdelta\x64\43.10.1-9\meetings\libcrypto-1_1-x64.dll
c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_367008a610747d24\lib\libcrypto-1_1-x64.dll
PowerShell script for replacement -
This needs lots of additional work - I don't spend enough time in PS -
I had to continue through parsing errors for the Power BI Directory, as well as for files in use issues during the file replacement.
The last three lines were used to create an easy way to get verification that it ran.
I then wrapped it with a folder that contained the updated lib-3 files and rolled it out as a Win32 application. Someone that is more practiced with PS could really improve this.
# Source files (updated DLLs shipped in the openssl_dll folder next to the script)
$source  = "$PSScriptRoot\openssl_dll\libcrypto-3-x64.dll"
$source2 = "$PSScriptRoot\openssl_dll\libssl-3-x64.dll"
# Compare as [version], not as strings: as text, '3.1.10' sorts before '3.1.4'
$minimum = [version]'3.1.4'
# Targets: every copy under Program Files older than 3.1.4 is overwritten with the source file
$TARGET = gci -Recurse -Path "C:\Program Files\" -Filter "libcrypto-3-x64.dll" -ErrorAction SilentlyContinue |
    where { ($_.VersionInfo.ProductVersion -as [version]) -lt $minimum }
foreach ($file in $TARGET)
{
    # Copies that are in use or protected by permissions raise an error here and the loop moves on
    Copy-Item -Path $source -Destination $file.FullName -Force | Out-Null
}
$TARGET2 = gci -Recurse -Path "C:\Program Files\" -Filter "libssl-3-x64.dll" -ErrorAction SilentlyContinue |
    where { ($_.VersionInfo.ProductVersion -as [version]) -lt $minimum }
foreach ($file in $TARGET2)
{
    Copy-Item -Path $source2 -Destination $file.FullName -Force | Out-Null
}
# Successful run: marker file showing that the script executed (not that every copy was replaced)
if (-not (Test-Path "$($env:ProgramData)\OpenSSL_update3.1.4"))
{
    Mkdir "$($env:ProgramData)\OpenSSL_update3.1.4"
}
Set-Content -Path "$($env:ProgramData)\OpenSSL_update3.1.4\openssl.txt" -Value "Script executed!"
Lastly - Microsoft needs to address their out of date usage of dependencies - not only are OpenSSL components out of date, I now have my vulnerability scanner I use for our servers reporting that I have a critical Curl/libcurl flaw on the servers -
And it turns out to be the Microsoft MDATP agent.
CVSSV3 9.8
/opt/microsoft/mdatp/lib/libcurl.so.4
version: : 7.79.1
As it is being used, I don't believe it is an issue. Not sure if I can do a rip and replace of the libcurl.so file and have it work.
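Added example (not part of sumo83's post or script): a read-only PowerShell inventory that covers the gaps the post lists, namely AppData locations, 32-bit copies, OpenSSL 1.x files, and copies that cannot be overwritten because they are in use or protected by permissions. The `Test-Replaceable` helper, the `Users` profile root and the Program Files (x86) root are assumptions; renamed copies such as the Zoom ones mentioned in the post are not matched.

```powershell
# Added example: read-only inventory of OpenSSL DLLs. Nothing is replaced.
$minimum  = [version]'3.1.4'                     # threshold used in the post's script
$userRoot = Join-Path $env:SystemDrive 'Users'   # assumption: default profile location
$pattern  = '^lib(crypto|ssl)-(?<branch>\d+(_\d+)?)(?<x64>-x64)?\.dll$'

# Program Files (as in the post), plus the x86 tree and each profile's AppData
$roots  = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
$roots += Get-ChildItem $userRoot -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData' }
$roots  = $roots | Where-Object { $_ -and (Test-Path $_) }

function Test-Replaceable([string]$Path) {
    # Hypothetical helper: an exclusive read/write open fails when the DLL is
    # loaded by a process or the ACL denies write access. No data is written.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'ReadWrite', 'None')
        $fs.Dispose()
        return $true
    } catch { return $false }
}

$report = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -File -Filter 'lib*.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Name -notmatch $pattern) { return }   # not an OpenSSL DLL name
            $branch = $Matches['branch']                  # '3', '1_1', ...
            $bits   = if ($Matches['x64']) { 64 } else { 32 }
            $raw    = $_.VersionInfo.ProductVersion
            $ver    = $raw -as [version]                  # $null if it does not parse
            # Branch comes from the file name, so 1.x is flagged even when the
            # version resource is missing or unparsable.
            $status = if ($branch -like '1*')    { 'unsupported 1.x' }
                      elseif (-not $ver)         { 'unknown version' }
                      elseif ($ver -lt $minimum) { 'below 3.1.4' }
                      else                       { 'ok' }
            [pscustomobject]@{
                Path           = $_.FullName
                Branch         = $branch
                Bits           = $bits
                ProductVersion = $raw
                Status         = $status
                Replaceable    = Test-Replaceable $_.FullName
            }
        }
}
$report | Sort-Object Status, Path | Format-Table -AutoSize
```

Run it elevated so other profiles' AppData folders can be read; pipe `$report` to `Export-Csv` to collect results per machine.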
- TecEFX, Oct 28, 2024, Copper Contributor
Sam_G_R &
I have a similar issue pointing to an unpublished CVE 2024-4741. This CVE shows as "reserved" but openssl-library.org has an advisory here:
https://openssl-library.org/news/secadv/20240528.txt
I am assuming this is still being investigated.
1. Add this vulnerability to your risk register.
2. Evaluate affected clients against risk tolerance.
Warning - I have read that the DLLs are hardcoded in the applications that use them, so take a snapshot on a VM before removing the previous versions. Stop services, close handles, and use the takeown PowerShell command to remove / replace libssl-3-x64.dll.
3. Remove vulnerable applications if possible.
4. Identify alternative controls for mission critical systems.
5. Update your legal department to ensure effective cyber insurance coverage.