thank you for the info.... I'm wondering... for example a VM that I run in AZURE and shows the below:c:\packages\plugins\microsoft.azure.security.monitoring.azuresecuritywindowsagent\1.8.0.76\libcrypto-1_1-x64.dllc:\packages\plugins\microsoft.azure.security.monitoring.azuresecuritywindowsagent\1.8.0.76\libssl-1_1-x64.dllc:\packages\plugins\microsoft.guestconfiguration.configurationforwindows\1.29.44.0\dsc\gc\libcrypto-1_1-x64.dllc:\packages\plugins\microsoft.guestconfiguration.configurationforwindows\1.29.44.0\dsc\gc\libssl-1_1-x64.dllWill manual upgrading of openssl to newer version help with those references? Or do I somehow update them? Answer from sumo83 on techcommunity.microsoft.com
thank you for the info.... I'm wondering... for example a VM that I run in AZURE and shows the below:c:\packages\plugins\microsoft.azure.security.monitoring.azuresecuritywindowsagent\1.8.0.76\libcrypto-1_1-x64.dllc:\packages\plugins\microsoft.azure.security.monitoring.azuresecuritywindowsagent\1.8.0.76\libssl-1_1-x64.dllc:\packages\plugins\microsoft.guestconfiguration.configurationforwindows\1.29.44.0\dsc\gc\libcrypto-1_1-x64.dllc:\packages\plugins\microsoft.guestconfiguration.configurationforwindows\1.29.44.0\dsc\gc\libssl-1_1-x64.dllWill manual upgrading of openssl to newer version help with those references? Or do I somehow update them? Answer from sumo83 on techcommunity.microsoft.com
🌐
OpenSSL
openssl.org
OpenSSL
“We believe everyone should have access to security and privacy tools, whoever they are, wherever they are or whatever their personal beliefs are, as a fundamental human right.”
Discussions

OpenSSL Updates for all of our devices but different versions of OpenSSL/Apps
There is no resolution that will make it go away from the vulnerability dashboard that someone undoubtedly is pestering you about. What you are looking at is some dynamically linked libraries that contain some cryptographic functions that the applications in question make use of in some way or another. Building upon open source like this makes sense, since the alternative would be for everyone to spend time and resource on doing their own likely error-prone cryptographic implementation. Can you just compile your own OpenSSL dll files and use them to swap the allegedly vulnerable ones? Depends on the app. Sometimes it goes OK, sometimes it breaks the app. Someone is not very likely to stage a man-in-the-middle attack on microsoft windows photos. If the DLL is not in your systems PATH variable, then other applications on the system cannot make use of the DLL unless they address the exact path it is in. A better approach is to open a conversation with whoever is pestering you about the vulnerability scores. Explain that MS Defender will report on components on harddrive with CVE's, but it will NOT be able to determine for you which of these are exploitable. Thus, spending resources chasing a clean sheet in a vulnerability dashboard is a rather large waste of time. In fact, if you have a security team on your throat about CVE's in a dashboard, then ask them to help you prioritize the ones that are exploitable. More on reddit.com
🌐 r/DefenderATP
7
3
August 19, 2024
How to upgrade OpenSSL to 3.1.4
CISA came out that OpenSSL aversion 3.1.3 is vulnerable. I want to upgrade to 3.1.4(current version) but since we are running windows we need OpenSSl bundled already with Apache. On Apache Lounge, they have not updated the OpenSSL on the Apache(2.4.58 - win 64) bundle. Is there somewhere else ... More on community.atlassian.com
🌐 community.atlassian.com
January 4, 2024
How do I update OpenSSL on Windows 10 from 1.1.1h to 1.1.1o - Stack Overflow
I have been researching how to update OpenSSL on windows 10 and can't seem to find a clear answer. I currently have 1.1.1h and am looking to upgrade to 1.1.1o because of CVE-2021-3711. If anyone kn... More on stackoverflow.com
🌐 stackoverflow.com
openssl - how do I update it and know that it's working on the affected programs?
Upgrade to Microsoft Edge to take ... security updates, and technical support. Download Microsoft Edge More info about Internet Explorer and Microsoft Edge ... I'm getting serious vulnerabilities because I'm running an older version of OPENSSL. I used WINGET to download and install the latest version of OPENSSL. How do I know that applications/programs are using the NEW version of OPENSSL and not the older versions? ... Your case is not related to Windows for Business ... More on learn.microsoft.com
🌐 learn.microsoft.com
2
1
February 20, 2026
🌐
Serverpronto
serverpronto.com › kb › page.php
Update OpenSSL
Go to openssl-1.0.1g directory # make clean # ./config shared –prefix=/usr –openssldir=/usr/local/openssl # make && make test # make install 4. Done 5. Check the if you you have the latest version. Thus the openssl is updated to the latest one, and if not reboot your machine and check again.
🌐
Reddit
reddit.com › r/defenderatp › openssl updates for all of our devices but different versions of openssl/apps
r/DefenderATP on Reddit: OpenSSL Updates for all of our devices but different versions of OpenSSL/Apps
August 19, 2024 -

Hi there,

Is there a way to update OpenSSL for all devices that updates all of the different versions of OpenSSL that specific apps use?

Defender gives me vulnerabilities to file paths and it would be something like:

microsoft.windows.photos_2024.11070.31001.0_x64\libcrypto-3-x64.dll

Then I go to the Microsoft store to update the Windows Photos App but there is no update for it? This is the same issue for multiple applications. A lot points to libssl-3 or libcrypto but from different apps like git or azure CLI or visual studio 2022 even tho git and visual studio 2022 is updated.

I have been banging my head against this for months now. Could someone please share some insight on how to resolve this?

I would appreciate it so much! Thanks in advance.

Top answer
1 of 4
6
There is no resolution that will make it go away from the vulnerability dashboard that someone undoubtedly is pestering you about. What you are looking at is some dynamically linked libraries that contain some cryptographic functions that the applications in question make use of in some way or another. Building upon open source like this makes sense, since the alternative would be for everyone to spend time and resource on doing their own likely error-prone cryptographic implementation. Can you just compile your own OpenSSL dll files and use them to swap the allegedly vulnerable ones? Depends on the app. Sometimes it goes OK, sometimes it breaks the app. Someone is not very likely to stage a man-in-the-middle attack on microsoft windows photos. If the DLL is not in your systems PATH variable, then other applications on the system cannot make use of the DLL unless they address the exact path it is in. A better approach is to open a conversation with whoever is pestering you about the vulnerability scores. Explain that MS Defender will report on components on harddrive with CVE's, but it will NOT be able to determine for you which of these are exploitable. Thus, spending resources chasing a clean sheet in a vulnerability dashboard is a rather large waste of time. In fact, if you have a security team on your throat about CVE's in a dashboard, then ask them to help you prioritize the ones that are exploitable.
2 of 4
2
We are seeing the same thing and I have not yet found a solution, i was hoping the windows updates would take care of things that are Microsoft published but we have not seen the vulnerabilities decrease.
🌐
Shining Light Productions
slproweb.com › products › Win32OpenSSL.html
Win32/Win64 OpenSSL Installer for Windows - Shining Light Productions
Businesses Secure Cloud Load Balancing (See the Donations section on this page to get your business here)
🌐
Anaplan
support.anaplan.com › openssl-installation-steps-windows-os-6280772c-b8e3-4aa8-a49c-0d9d88640388
OpenSSL installation steps (Windows OS) | Anaplan Support
April 3, 2025 - It's best to install this program outside the Windows Directory. Install to "C:\" folder. 3. Once install is complete, navigate to "C: \OpenSSL-Win64\bin" and right-click on "openssl.exe" and select "Run as Administrator". 4. This will initiate a Command Prompt instance with OpenSSL. ... We ...
Find elsewhere
🌐
Atlassian Community
community.atlassian.com › q&a › confluence › questions › how to upgrade openssl to 3.1.4
How to upgrade OpenSSL to 3.1.4
January 4, 2024 - Download the new version as a zip (instead of .exe) from https://kb.firedaemon.com/support/solutions/articles/4000121705-openssl-3-1-3-0-and-1-1-1-binary-distributions-for-microsoft-windows
🌐
Stack Overflow
stackoverflow.com › questions › 72266514 › how-do-i-update-openssl-on-windows-10-from-1-1-1h-to-1-1-1o
How do I update OpenSSL on Windows 10 from 1.1.1h to 1.1.1o - Stack Overflow
@DavidGrayson: historically native Windows apps did that, but Win10 up has WSL where the library handling and update methods are the same as a selected Unix distro, and all versions of Win (at least NT up) have had other Unix-like schemes such as gnuwin32 and cygwin/mingw/mingw64 each with their own library scheme. But yes it depends on what you installed/use. ... @DavidGrayson Unfortunately I can't be sure what was used to install it in the first place as that was before I was there. I can be sure it's 1.1.1h as I ran "openssl version" in PowerShell and it returned the version.
🌐
OpenSSL Library
openssl-library.org › source
Downloads | OpenSSL Library
They can be found at https://www.openssl.org/source/snapshot/. These daily snapshots of the source tree are provided for convenience only and not even guaranteed to compile. Note that keeping a git local repository and updating it every 24 hours is equivalent and will often be faster and more ...
Top answer
1 of 2
1

Hello Jane,

Your case is not related to Windows for Business or Windows 365 Enterprise. What you are dealing with is an application dependency issue around OpenSSL versions on Windows. Winget installs the latest OpenSSL binaries into a system path, but applications do not automatically switch to using them. Each program either links statically to its own bundled OpenSSL libraries or dynamically loads them from a specific path. That means even if you have the newest OpenSSL installed globally, older applications may still be calling their embedded or outdated DLLs.

To verify which version is actually being used, you need to inspect the binaries that the application loads. On Windows, the most reliable way is to use Process Explorer from Sysinternals. Launch the application, open Process Explorer, and check the loaded modules under the process. If you see libssl-1_1.dll or libcrypto-1_1.dll, note the file path. That path tells you whether the program is using the system-installed OpenSSL or its own copy. You can also run openssl version from the command line to confirm the version of the OpenSSL binary you installed via Winget, but that only confirms the global installation, not what each application is consuming.

There is no single command line that forces all applications to use the new OpenSSL. Each application must either be updated by its vendor to link against the newer libraries, or you must replace the older DLLs in the application’s directory with the updated ones though this is risky and not recommended unless the vendor explicitly supports it. The best practice is to update the applications themselves to versions that are compiled against the latest OpenSSL.

I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

Domic Vo.

2 of 2
0

To ensure that your applications are using the new version of OpenSSL after updating, you can follow these steps:

  1. Check OpenSSL Version: You can verify the installed version of OpenSSL by running the following command in your command line:
       openssl version
    
    This command will display the version of OpenSSL currently in use.
  2. Verify Application Dependencies: For applications that depend on OpenSSL, you may need to check their documentation or use specific commands to see which version of OpenSSL they are linked against. This can vary by application, but many applications will have a command-line option to display version information.
  3. Check for Multiple Versions: If you suspect that multiple versions of OpenSSL are installed, you can check the paths of the OpenSSL binaries in your system. Use the following command to find all instances of OpenSSL:
       where openssl
    
    This will show you the locations of the OpenSSL executables, and you can verify if the correct version is being used.
  4. Update Environment Variables: Ensure that your system's PATH environment variable points to the directory of the new OpenSSL installation. This can help ensure that applications use the correct version.
  5. Testing Applications: After updating, test your applications to ensure they function correctly. If they fail or report issues related to OpenSSL, they may still be referencing an older version.

By following these steps, you can confirm that your applications are using the updated version of OpenSSL and mitigate any vulnerabilities associated with older versions.

Top answer
1 of 4
23

I finally made it, I installed OpenSSL 3.2.0-dev on Windows 11.

These are the detailed steps so that anyone in the future can do it:

I ended up using the first method, with C++, as seen here: https://github.com/openssl/openssl/blob/master/NOTES-WINDOWS.md#quick-start

Here are the instructions, I tried to make them as detailed as possible, let me know if it needs changes or fixes:

First steps: Installing the necessary software:

Step 1: Install Perl - Install the Strawberry version, much easier to install and it installs everything and also adds them automatically to the Windows PATH variables

Step 2: Install NASM, and add it to the Windows system (or your user's) PATH variables. I ended up adding it only to my user's variables PATH: C:\Users\<username>\AppData\Local\bin\NASM

Step 3: Install Visual Studio (I have Visual Studio Community 2022), and install the Desktop development with c++. I ended up choosing the following packages(I'm sure not all are necessary, but if you know, please let me know which ones are the ones I need so that I'll update the photo to avoid installing too many packages):

Step 4: Download and install the Build Tools for Visual Studio (I assume in the future this link will change so look for the Build Tools installation link for your Visual Studio version): https://visualstudio.microsoft.com/downloads/#build-tools-for-visual-studio-2022

Step 5: After installing the build tools, launch the Visual Studio installer. In the installer, you will now see the Build Tools. Click on "Modify" under the Visual Studio Build Tools:

And then install the needed packages for the OpenSSL installation, it's what's going to install nmake:

Then, the build and installation steps:

Step 6: Clone the openssl repository to some folder on your PC (I cloned it in C:/ so I ended up having C:/openssl/), and fix the line endings by running the following commands:

> git clone git://git.openssl.org/openssl.git

> cd openssl
> git config core.autocrlf false
> git config core.eol lf
> git checkout .

Update: If you want another version, clone the repository without checking out, fix the line-endings and then checkout to the version you want. For example if you want 3.1.0 stable (Note the -n flag for no-checkout):

> git clone -n git://git.openssl.org/openssl.git

> cd openssl
> git config core.autocrlf false
> git config core.eol lf
> git checkout openssl-3.1.0

Step 7: In Windows Search, search for "Developer Command Prompt for VS 2022" (Or any of your versions), and run it as administrator:

Which will open this command window:

Step 8: You need to set the right environment for the version of OpenSSL you want to install, otherwise build will fail. In my case, I wanted to install OpenSSL for 64-bit systems, copy-paste the following (including the quotes, and change the path according to your Visual Studio installation path):

"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat"

which will then set the environment, as seen here:

Step 9: From the same Developer Command Prompt, cd into the folder you cloned the openssl source code, in my case it was C:/openssl, and then follow the steps from the OpenSSL guide:

> perl Configure VC-WIN64A
> nmake
> nmake test
> nmake install

Note that these steps take time, it took me around 20-30 minutes to finish all these 4 commands

Step 10: That's it! It's installed! You can find the OpenSSL executable (openssl.exe) at C:\openssl\apps. (And add it to Windows system or user's PATH variables if you want)

In my case when I run openssl version I see OpenSSL 3.2.0-dev (Library: OpenSSL 3.2.0-dev )

2 of 4
16

If you have Git installed in your local, open git bash, and use the command openssl. It should work

🌐
GitHub
github.com › python › cpython › issues › 131423
Update OpenSSL versions for CI and Windows · Issue #131423 · python/cpython
March 18, 2025 - Those low vulnerabilities affect OpenSSL 1.1.1+ and 3.x versions that we currently use and were fixed in the February 2025 release. Note: I don't think Python is directly affected by the low vulnerabilies and I just want the fixes that were included in those releases for my own work. Since the high vulnerability only affects 3.2+, Windows builds should not be affected. ... Update macOS and Windows builds to use OpenSSL 3.0.16.
Author   python
🌐
Support Your Tech
supportyourtech.com › home › articles › how to update openssl on windows 10: a step-by-step guide
How to Update OpenSSL on Windows 10: A Step-by-Step Guide
March 6, 2025 - Visit the official OpenSSL website to download the latest version. Make sure you choose the correct version for Windows. Download the installer to your preferred location. This step is crucial for obtaining the most secure and updated version.
🌐
Huawei
forum.huawei.com › enterprise › en › Installing-OpenSSL-1-1-1-on-Windows-64-bit › thread › 688534388880588800-667213859733254144
How to Install OpenSSL 1.1.1 on Windows
August 7, 2023 - Huawei support community is a communication center for sharing experiences and knowledge, solving questions and problems for enterprise partners, customers and engineers.
🌐
Linux Hint
linuxhint.com › install-openssl-windows
How to Install OpenSSL in Windows
August 9, 2022 - Linux Hint LLC, [email protected] 1210 Kelly Park Circle, Morgan Hill, CA 95037 Privacy Policy and Terms of Use
🌐
YouTube
youtube.com › watch
How to download and Install OpenSSL on Windows 10|OpenSSL - YouTube
In this video i will show you how to download and install OPENSSL setup on Windows 10https://slproweb.com/products/Win32OpenSSL.htmlየyoutube ቻናል ቤተሰብ ካልሆናችሁ ...
Published   August 24, 2022
🌐
UNBLOG
think.unblog.ch › start › unblog tutorials (en) › how to install openssl on windows 10-11
How to Install OpenSSL on Windows 10-11 UNBLOG Tutorials
November 7, 2024 - The Windows package manager “winget” allows you to install applications and other packages by using the command line. If winget is started for the first time, you will be prompted to confirm the source agreement terms, by hit the Y key. The OpenSSL package is now installed. The second method is to download and install the package. The table (screenshot) on the slproweb.com website contains the versions for Win32 and Win64 OpenSSL as EXE and MSI installers.