News that the OpenSSL project will have a critical vulnerability fix in its next release on November 1 has put the Internet technology community on high alert. In this regard, Check Point Software researchers are closely monitoring this situation and will update the new protections as soon as the details are known “While we have to wait and read what the OpenSSL team has to share on Tuesday, we would like to urge everyone organizations to improve their visibility to the different applications and web services that they use or provide and the version of OpenSSL they run”, warns Eusebio Nieva, technical director of Check Point Software for Spain and Portugal.
Vulnerability in OpenSSL
Check Point Research has released more details about this vulnerability:
What versions of OpenSSL are exposed? Versions 3.0 and higher of OpenSSL are the ones considered vulnerable. OpenSSL version 3.0.7 is expected to be the next release and should include the critical vulnerability fix.
Check Point Software Alerts Organizations to Prepare Immediately Upon Warning of Critical Vulnerability in OpenSSL
What is OpenSSL? OpenSSL is a library of commonly used code designed to enable secure communication over the Internet. In a nutshell, every time we browse the Internet, the web page we browse or the online service we access uses OpenSSL at its most basic level. All of this means that on Tuesday morning everyone will have to keep a very close eye on what the OpenSSL project team will release. It is expected to touch on broad aspects of our common use of the Internet. What can be the risk? Although you have to wait until November 1 to know the details of the vulnerability, it could include the disclosure of private key information or user information on a massive level. What can be done until more details are known? In the meantime, companies should remain vigilant, patch and update all systems to the latest version, and prepare to update IPS once they become available. It is also recommended to know in detail where OpenSSL is used within the company, information that can be obtained in the software bill of materials (SBOM), in order to be able to prioritize the critical areas. Researchers at Check Point Software are closely following this story, and will report any further developments.
