OpenSSL Vulnerability Announced
Published on
November 7, 2022

On Tuesday, November 1, OpenSSL disclosed details of a high severity vulnerability affecting versions 3.0.0 through 3.0.6.  This vulnerability could allow remote attackers to cause a denial of service on affected systems, resulting in system outages and downtimes.  It is possible that under very specific circumstances the vulnerability could also be used to execute remote code.

Over the coming weeks, vendors will be releasing updates to their software that uses the OpenSSL libraries.  We recommend monitoring these vendor updates and applying these patches as part of your normal patching cycle.

More details can be found at the following CISA post:

IT Mentorship in Your Inbox

Subscribe and stay up to date on the latest insights, expert advice, and happenings in IT.