On Tuesday, November 1, OpenSSL disclosed details of a high-severity vulnerability affecting versions 3.0.0 through 3.0.6. This vulnerability could allow remote attackers to cause a denial of service on affected systems, resulting in system outages and downtime. It is possible that under very specific circumstances the vulnerability could also be used to execute remote code.
Over the coming weeks, vendors will be releasing updates to their software that uses the OpenSSL libraries. We recommend monitoring these vendor updates and applying these patches as part of your normal patching cycle.
More details can be found at the following CISA post:
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/01/openssl-releases-security-update
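To decide which systems to watch vendor updates for, the affected range above can be checked against collected `openssl version` banners. This is an added example, not code from OpenSSL or CISA; the host names, the `host | banner` inventory format and the function names are assumptions. A banner shows only the upstream version, and distributions often backport fixes without changing it, so an "in-range" result means "confirm against the vendor's advisory".

```python
import re

# Affected range as stated in the advisory text: 3.0.0 through 3.0.6.
AFFECTED_MIN = (3, 0, 0)
AFFECTED_MAX = (3, 0, 6)

# Banner printed by `openssl version`, e.g. "OpenSSL 3.0.5 5 Jul 2022".
# Group 4 captures any suffix glued to the version ("q", "k-fips", "-beta1").
BANNER = re.compile(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)(\S*)")

def classify(banner: str) -> str:
    """Return 'in-range', 'not-in-range', 'review' or 'unknown' for one banner."""
    m = BANNER.match(banner.strip())
    if not m:
        return "unknown"          # LibreSSL, BoringSSL, empty or garbled output
    # Compare as integer tuples so that 3.0.10 sorts after 3.0.6.
    version = tuple(int(part) for part in m.group(1, 2, 3))
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not-in-range"
    if m.group(4):
        return "review"           # pre-release or vendor-tagged 3.0.x build
    return "in-range"

def triage(inventory: str) -> dict:
    """Map each host in a 'host | banner' inventory to its classification."""
    results = {}
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, sep, banner = line.partition("|")
        results[host.strip()] = classify(banner) if sep else "unknown"
    return results

# Constructed sample inventory (hosts and banners are illustrative only).
SAMPLE_INVENTORY = """
# host | output of `openssl version`
web01    | OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
edge01   | OpenSSL 3.0.6 11 Oct 2022
db01     | OpenSSL 1.1.1q  5 Jul 2022
legacy01 | OpenSSL 1.0.2k-fips  26 Jan 2017
build01  | OpenSSL 3.0.0-beta1 17 Jun 2021
mac01    | LibreSSL 3.3.6
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10s} {status}")
```

The banner covers only the `openssl` binary on the PATH; applications that bundle or statically link their own copy of the library need the vendor's statement instead.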