OpenSSL vulnerabilities in Defender for latest version Microsoft Products

Zach Hyman 80 Reputation points
2024-10-15T20:07:36.4466667+00:00

My org has several OpenSSL vulnerabilities for OneDrive and Azure Disk Encryption. The CVEs are CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, and Defender was said to fix inaccuracies with these last month (Sept. 2024). https://learn.microsoft.com/en-us/defender-vulnerability-management/fixed-reported-inaccuracies

See attached the file paths I am working with. I exported them into Excel as Application Name, Installed Version of OpenSSL, CVEs, and Path. Are these false positives?

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,422 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.