This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 10%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJT%3C/text%3E%3C/svg%3E)
Hello,
We received a critical alert from Microsoft Defender (CVE-2023-49210) which tells us that 90 of our devices have vulnerabilities due to the version Openssl which is not supported anymore. We don't have any software on these PCs that include OpenSSL, so this must be something to do with Windows 11. I even see this vulnerability with a fresh image of Windows 11.
The Defender alert calls out the following vulnerable files:
There are MANY vulnerabilities related to OpenSSL in my Defender portal (seen below) and I would like to resolve them all. Is there a way to resolve all vulnerabilities by somehow updating OpenSSL (which I dont even see as installed on any of these PCs)?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 77%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVL%3C/text%3E%3C/svg%3E)
Defender is alerting on all our clients that use both Defender and onedrive, and it is -- like for OP -- alerting on the onedrive folder (among some others). So, which is the issue, onedrive is failing to update (and not reporting such through intune) or Defender for incorrectly alerting?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 62%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
I raised case for this CVE with Microsoft. Backend team has updated this CVE in Defender. After this update, this CVE does not appear as impacting in the environment. I assume they have updated detection logic related to this CVE.
We are getting many more alerts than what I shared. I just shared an example of Windows related files. We have alerts for Visual Basic Studio, Github, ODBC Drivers, Microsoft Paint, etc...etc.
All of the software is up to date, but the vulnerability is still showing in Defender. All I can do is update the applications, correct? That means I just have to live with these vulnerabilities?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 75%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEW%3C/text%3E%3C/svg%3E)
Received a similar vulnerability assessment alert from Defender for the OpenSSL linked to our OneDrive installations. Even after updating them to the latest build version 24.180.0905.0001 from the previous 24.171.x, the vulnerability still persists. When will the libcrypto and libssl files be updated to the patched versions I wonder? It is October, and my version is still 3.3.0 running on OneDrive.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
The warnings are being triggered because there are multiple software packages that ship with the OpenSSL libraries that are considered vulnerable. Since each package ships its own copy of the libraries you'd need to update each of the packages yourself. They don't share/use a common version. Unfortunately you cannot just "upgrade" the library as there is potentially breaking changes that could break the app. You would need to go to each package's vendor and look for an update.
In the case of the driver filestore, this is where Windows stores a copy of the driver files that Windows may or may not be using. It looks like you might have older versions of the Intel iCLS Client driver. These can be safely ignored I believe. You should go to the Microsoft Update Catalog and ensure you have the latest Intel iCLS Client driver installed, if you're using it.
The other 2 references are local to your user and are the OneDrive provider. I find it interesting that you're running 24.103 while the latest I have is 24.101. And my version was supposedly updated today. OpenSSL 3.3.1 was released a couple of days ago and my version is 3.3.0. This may just be a false positive but until OneDrive updates there is not much you can do about it either way.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 33%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
How would I go about safely ignoring these older versions? Is there a way to tell Defender to stop generating alerts for them, without disabling the check for openssl vulnerabilities globally?