Microsoft Defender Vulnerability (CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119)

Vina 15 Reputation points
2025-01-28T12:10:56.84+00:00

Hello There,

We have identified a OpenSSL vulnerability in Defender portal for Microsoft OneDrive and other applications. For reference, I have included MS applications such as Microsoft Paint, Microsoft Visual Studio, Microsoft Photos, and MS SQL Server Management Studio. We have identified other applications where the application path is marked as vulnerable for libssl and libcrypto dll files in the Defender portal.

Do we have solutions available for Microsoft application packages, such as OneDrive, to address this vulnerability?

(c:\users\meisch466\appdata\local\microsoft\onedrive\24.244.1204.0003\libssl-3-x64.dll

c:\users\meisch466\appdata\local\microsoft\onedrive\24.244.1204.0003\libcrypto-3-x64.dll

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
41,829 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Pauline Mbabu 595 Reputation points Microsoft Employee
    2025-02-05T03:47:52.9333333+00:00

    Hello Vina,

    There has been ongoing discussion regarding this, and OneDrive Sync App 25.004.0109.0002 is now being rolled out with Openssl 3.4.0.0 having no weaknesses. You can follow the discussion on this related thread
    https://learn.microsoft.com/en-us/answers/questions/2104185/openssl-vulnerabilities-in-defender-for-latest-ver?comment=answer-

    I hope this answers your question.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.