As already reported by ZDNet and other sources, the OpenSSL Project team announced a critical severity security vulnerability on October 25, 2022.
Mark Cox, the Apache Software Foundation VP of Security, tweeted: “OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC.”
OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC. Does not affect versions before 3.0. https://t.co/jIRQhx0nCr
— Mark J Cox (@iamamoose) October 25, 2022
What is OpenSSL and why is it so important?
OpenSSL is an open-source project that implements the SSL protocol and enables servers across the internet to securely communicate with their clients. It is also included in many operating systems, client-side software, and websites.
Because OpenSSL is so widely used, there’s an urgency to patch and update the systems affected by it.
Which OpenSSL versions are vulnerable?
OpenSSL versions 3.0 and above were reported as vulnerable, and these critical security vulnerabilities will be fixed in the upcoming 3.0.7 release which will be available on November 1st, 2022.
How can I prepare for the OpenSSL critical vulnerability?
Until more details are revealed on November 1st, we recommend that you identify all your vulnerable assets running OpenSSL3 and be prepared for the update.
For Seemplicity customers, we suggest using the “OpenSSL Vulnerability – Early Warning” filter, which will identify all the resources in your different data sources exposed to this vulnerability.
We’re here to help
If you require further support with understanding how OpenSSL will impact your team and the ways to fix it effectively, please don’t hesitate to reach out to us at firstname.lastname@example.org.