UPDATE: OpenSSL patch available, vulnerability severity scaled down

The OpenSSL development team has just released version 3.0.7, which fixes several vulnerabilities. The vulnerability that OpenSSL previously classified as ‘critical’ has now been scaled down to ‘high’. Based on the information now available, the NCSC also estimates the severity of the vulnerability to be lower than previously thought.

The NCSC has published a security advisory with recommended actions. It is still possible that a vulnerable version of OpenSSL is in use in your organization. The NCSC therefore advises organizations to read the security advisory and, where necessary, to take action.

In addition, the NCSC is working with its partners to build as broad and up-to-date a picture as possible of products that use a vulnerable OpenSSL version. A list is maintained on GitHub for this purpose. Check the list regularly for relevant updates.