OpenSSL releases update to address Vulnerabilities
The OpenSSL project has released version 3.0.7, a security update for two vulnerabilities in OpenSSL 3.0.x. These vulnerabilities, CVE-2022-3786 and CVE-2022-3602, affect version 3.0.x and do not impact OpenSSL 1.1.1 or LibreSSL. Organizations are urged to ensure that they patch any instances of OpenSSL 3 in their software stack as a matter of urgency. SentinelOne customers can use Singularity XDR to ensure their organization is ready for the OpenSSL 3 update.
OpenSSL is an open-source cryptography library widely used by applications, operating systems and websites to secure communications over the internet using SSL and TLS. The majority of OpenSSL implementations in use today use version 1.1.1 or 1.0.2; however, OpenSSL 3 is bundled with many flavors of Linux and is also used in popular development software like Gradle, privacy tools such as TOR and security platforms like Kali Linux.
OpenSSL version 3.0.0 and higher are vulnerable to CVE-2022-3786 and CVE-2022-3602, which are patched in version 3.0.7. The downgrade was a result of the bugs being more difficult to exploit than at first thought. Despite the downgrading, a rating of “high” still represents a risk. Organizations running exposed version of OpenSSL are still advised to ensure the update is applied.
In 2014, OpenSSL suffered from a critical vulnerability, dubbed Heartbleed, which was due to a buffer over-read in the TLS Heartbeat Extension. Despite the patch being available the same day the flaw was disclosed, many were slow to patch. The bug was used to compromise a number of websites and steal sensitive data, including Social Insurance Numbers belonging to Canadian taxpayers.
To prepare and patch the OpenSSL 3 vulnerabilities, organizations need to prioritize discovering and patching CVE-2022-3786 and CVE-2022-3602 as soon as possible. The update to 3.0.7 was made available on Tuesday 1st November. SentinelOne customers can run queries to determine which endpoints are running vulnerable versions of OpenSSL in the management console.
In conclusion, vulnerabilities in a software library like OpenSSL are fundamental to the security of data on the internet and should not be overlooked or delayed. Organisations and IT teams need to ensure that they prioritise discovering and patching vulnerabilities as soon as possible to avoid potential breaches. Here at One2Call we proactively work to patch vulnerabilities as soon as they are discovered and we can work with your business to ensure that you stay protected.
Latest News Stories
Cancer Clinic’s Chilling Ultimatum: Pay Ransom or Face Patient Harassment
Crown Princess Mary Cancer Centre, a prominent Sydney-based cancer clinic, has recently been targeted by a notorious ransomware group, Medusa. The is among many Cyber Attacks targeting Australian businesses in recent months. The cyber criminals issued an ultimatum...
Combating Cyber Crime: The Human Factor
A startling reality in today's interconnected world is that up to 95% of Cyber Attacks can be traced back to human errors. Companies with more employees face a higher risk of falling victim to cyber crime. While cyber criminals do occasionally breach firewalls, it is...
One2Call Honour the UK’s Nurses this International Nurses Day
May 12th is International Nurses Day and we have a huge amount to thank the nation's nurses for. From the A&E front line, to the Vaccine Centre, Cancer & Critical Care, to Care Homes, our nations nurses have displayed bravery, skill, compassion, and unwavering...
Our Customers
Testimonials
Christine, Toutes Directions
You have a fabulous team at One2Call, they are all very knowledgeable and very helpful!
Tracy Lilley, Ecclesfield Primary School
Responsive, friendly service. Very customer focused, polite and eager to help. Would definitely recommend and will use again.
Yolande Quickfall, Saxton Mee
One2Call are certainly liked by us as they are always keen to help and resolve any problems that we may have and with a quick response.