HC3 TLP White: Sector Alert - Critical OpenSSL Vulnerability Will Require Action by Healthcare Organizations
October 28, 2022
Executive Summary
A software library called OpenSSL – used with many of the most common operating systems and applications for secure communications – is going to receive an important update on Tuesday, November 1, 2022. OpenSSL is deployed ubiquitously across industries, including the health sector. HC3 highly recommends that all public and private health sector organizations identify all instances of OpenSSL in their infrastructure and prepare to test and deploy the patch as soon as it is released.
Report
OpenSSL is an open-source cryptographic library used with many of the most common operating systems and applications to implement Transport Layer Security (TLS) and its predecessor protocol, Secure Sockets Layer (SSL), for security in communicating with web and other Internet-facing servers. An announcement by the OpenSSL Project on October 25 noted that a new version of OpenSSL (version 3.0.7) would be released on Tuesday 1st November 2022 between 1300-1700 UTC. This update will contain a patch for a vulnerability classified as critical. It is very rare for the OpenSSL Project to classify a vulnerability as critical. As of the release of this alert, no further technical details exist on this vulnerability. The OpenSSL Project is likely withholding technical details deliberately, to reduce attempts to identify and exploit this vulnerability before the patch is released on November 1.
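One way to carry out the recommended inventory, as an added example that is not part of the HC3 alert: the script walks a directory tree and searches every file for the version banner that OpenSSL builds embed, which also finds copies bundled or statically linked into applications. The function names, the status labels and the default root `/usr` are assumptions of this sketch, and it treats only 3.0-series versions below 3.0.7 as needing the announced update, since the alert gives no guidance on other release series.

```python
import os
import re
import sys

# Banner embedded in OpenSSL builds, e.g. b"OpenSSL 3.0.5 5 Jul 2022".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)\s+\d{1,2} [A-Z][a-z]{2} \d{4}")
PATCHED = (3, 0, 7)  # release announced in the alert

def versions_in(path, chunk=1 << 20):
    """Return the set of OpenSSL version strings whose banner occurs in the file."""
    found, tail = set(), b""
    try:
        with open(path, "rb") as fh:
            while block := fh.read(chunk):
                data = tail + block
                for match in BANNER.finditer(data):
                    found.add(match.group(1).decode())
                tail = data[-64:]  # keep overlap so a banner split across reads is seen
    except OSError:
        pass  # unreadable file: skip it and keep scanning
    return found

def status(version):
    """Classify a version string against the announced 3.0.7 release."""
    nums = tuple(int(n) for n in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    if nums[:2] != (3, 0):
        return "other-series"  # assumption: not covered by the alert, check vendor guidance
    return "below-3.0.7" if nums < PATCHED else "3.0.7-or-later"

def scan(root):
    """Walk root and return sorted (path, version, status) for every banner found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets and device nodes
            for version in versions_in(path):
                hits.append((path, version, status(version)))
    return sorted(hits)

if __name__ == "__main__":
    for path, version, state in scan(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f"{state:15} {version:8} {path}")
```

Run it with a directory as the only argument; a file can report more than one version when it bundles several copies of the library.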