OpenSSL Vulnerability Shown on Microsoft Defender for Cloud Dashboard - OneDrive affected app

Eric Wasike 45 Reputation points
2024-10-31T12:38:50.5166667+00:00

An OpenSSL vulnerability has been flagged on one of our devices by Microsoft Defender for Cloud.

The vulnerability has listed two dll files as the main culprits (both installed via OneDrive):

  1. libcrypto-3-x64.dll
  2. libssl-3-x64.dll

The OneDrive version is the latest, as far as I know (24.196.0929.0005), and was updated on 26-Oct-2024.

However, it appears that the dll file versions have persisted at 3.3.0.0, which is considered vulnerable by Microsoft Defender's vulnerability scanner.

Therefore, how do we address this vulnerability if it cannot be addressed via a OneDrive update, as seems to be the case here?

openssl 3.3.0 Vulnerability

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,434 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.