This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 75%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEW%3C/text%3E%3C/svg%3E)
An OpenSSL vulnerability has been flagged on one of our devices by Microsoft Defender for Cloud.
The vulnerability has listed two dll files as the main culprits (both installed via OneDrive):
The OneDrive version is the latest, as far as I know (24.196.0929.0005), and was updated on 26-Oct-2024.
However, it appears that the dll file versions have persisted at 3.3.0.0, which is considered vulnerable by Microsoft Defender's vulnerability scanner.
Therefore, how do we address this vulnerability if it cannot be addressed via a OneDrive update, as seems to be the case here?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 9%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
This is a headache for me as well, especially when the older OneDrive versions are still hanging around. Even taking ownership and Full Control of the files (in the older directories) won't let me delete them. And security folks like me don't like this old vulnerable stuff hanging around. Yet, OneDrive's update mechanism for some reason won't remove older versions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 65%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Hi everyone,
Did you managed to find a solution for this? It is flagging as a possible attack path by defender but not sure what to do with this.