KLA11770
Microsoft Advisory for Microsoft Developer Tools

Updated: 06/03/2020
Detect date
?
04/21/2020
Severity
?
Warning
Description

Microsoft is aware of a publicly disclosed remote denial of service vulnerability for OpenSSL version 1.1.1d and newer. Previous versions prior to 1.1.1d are unaffected.

The vulnerability is fixed in version 1.1.1g. For more information, please see the OpenSSL security advisory.

Microsoft has confirmed Windows is not affected by this vulnerability. We are currently investigating the wider impact and are applying mitigations to services as needed.

If you are running a Linux VM or have installed any products that use OpenSSL on Azure, please review the version on your system. We recommend that you check the security blog for the distro you are using.

Affected products

Microsoft Developer Tools, using OpenSSL earlier than 1.1.1g.

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

ADV200007

Related products
Microsoft Azure
Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region