October 28, 2022 at 2:46 PM
Organizations have five days to prepare for what the OpenSSL Project on Oct. 26 described as a "critical" vulnerability in versions 3.0 and above of the nearly ubiquitously used cryptographic library for encrypting communications on the Internet.
On Tuesday, Nov. 1, the project will release a new version of OpenSSL (version 3.0.7) that will patch an as-yet-undisclosed flaw in current versions of the technology. The characteristics of the vulnerability and ease with which it can be exploited will determine the speed with which organizations will need to address the issue.
"It is a bit difficult to speculate about the impact, but past experience has shown that OpenSSL doesn't use the label 'critical' lightly," says Johannes Ullrich, dean of research at the SANS Institute.
Source: https://www.darkreading.com/vulnerabilities-threats/prepare-critical-flaw-openssl-security-experts-warn
Anyone want to take bets on how this plays out next week?
