Help with CVE-2022-3602 OpenSSL

Copper Contributor

Dear all,

Microsoft Defender displays a notification for one device, see attachment. As I am no IT-specialist I checked all available information what to do. But so far I could not find any understandable information, how to detemine, where are changes to make or updates necessary. Can anyone help?

 

15-11-2022_10-41-57.png

6 Replies
If you click on "Sicherheitsempfehlungen" within the CVE page (your right screenshot), there should be the info to update the application.
Based on one of our blogs, you should update to a higher version: https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/reduce-openssl-3-0-vulnerabi...
also the NVD has more information if needed:
https://nvd.nist.gov/vuln/detail/CVE-2022-3602

@HeikeRitter thanks for your recommendations. I already checked it and all it says is to "Update Openssl". So I searched a variety of locations where it could be used but nothing appeared to me. So do you have any suggestions how to find the location of "Openssl" or how to update it in general? Thanks in advance.

@HeikeRitter, thanks for replying to me. It looks to me as if Openssl is not "standalone" in my case but could be used in some existing software which is installed on my computer. Is there a way to locate the use of Openssl instead of just installing it separately? I think the installation as explained in that article will not solve the issue if another software uses an old version of it.

Hello,

did anyone manage to solve this problem? My openssl seems to be associated with MS Office. I can not update it separately 😞 to me it's only showing for 1 computer and not all 17 we have, although they have the same config. so 16 seem to be ok.

Hello @ChrisJMZ,

 

I had the same issue, but nothing helped so far. I always checked after following the suggestions above. But the issue solved itself in my case after a while. So I did nothing special.