OpenSSL Vulnerability Shown on Microsoft Defender for Cloud Dashboard - OneDrive affected app
Eric Wasike
45
Reputation points
An OpenSSL vulnerability has been flagged on one of our devices by Microsoft Defender for Cloud.
The vulnerability has listed two dll files as the main culprits (both installed via OneDrive):
- libcrypto-3-x64.dll
- libssl-3-x64.dll
The OneDrive version is the latest, as far as I know (24.196.0929.0005), and was updated on 26-Oct-2024.
However, it appears that the dll file versions have persisted at 3.3.0.0, which is considered vulnerable by Microsoft Defender's vulnerability scanner.
Therefore, how do we address this vulnerability if it cannot be addressed via a OneDrive update, as seems to be the case here?
Sign in to answer