KLA11770
Microsoft Advisory for Microsoft Developer Tools
Обновлено: 29/05/2020
Дата обнаружения
21/04/2020
Уровень угрозы
Warning
Описание

Microsoft is aware of a publicly disclosed remote denial of service vulnerability for OpenSSL version 1.1.1d and newer. Previous versions prior to 1.1.1d are unaffected.

The vulnerability is fixed in version 1.1.1g. For more information, please see the OpenSSL security advisory.

Microsoft has confirmed Windows is not affected by this vulnerability. We are currently investigating the wider impact and are applying mitigations to services as needed.

If you are running a Linux VM or have installed any products that use OpenSSL on Azure, please review the version on your system. We recommend that you check the security blog for the distro you are using.

Пораженные продукты

Microsoft Developer Tools, using OpenSSL earlier than 1.1.1g.

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
ADV200007
Связанные продукты
Microsoft Azure
Microsoft official advisories
Microsoft Security Update Guide