On Tuesday, November 1, OpenSSL disclosed details of a high severity vulnerability affecting versions 3.0.0 through 3.0.6.  This vulnerability could allow remote attackers to cause a denial of service on affected systems, resulting in system outages and downtimes.  It is possible that under very specific circumstances the vulnerability could also be used to execute remote code.

Over the coming weeks, vendors will be releasing updates to their software that uses the OpenSSL libraries.  We recommend monitoring these vendor updates and applying these patches as part of your normal patching cycle.

More details can be found at the following CISA post:

https://www.cisa.gov/uscert/ncas/current-activity/2022/11/01/openssl-releases-security-update