Skip to main content
Need help with a cyber incident now?
Call 24/7: +31 88-2747800

Update about High Impact OpenSSL-release

By 25 March 2021 September 9th, 2021 Vulnerability

This liveblog contains information about the High Impact OpenSSL-release. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update March 25, 2021

16:00 | OpenSSL published today the patch for two critical vulnerabilities (CVE-2021-3450 and CVE-2021-3449). All OpenSSL services from version 1.1.1h must be patched. Without this patch, a denial-of-service (DoS) attack is possible. A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. It is quite easy to disrupt the systems behind your unpatched OpenSSL with a script. You solve this by patching.

Update March 22, 2021

18:00 | The OpenSSL Project Team has made a pre-announcement for a “high impact” vulnerability within OpenSSL. OpenSSL is used in encrypting network connections. High impact vulnerabilities within OpenSSL are rare, which is why Tesorion strongly advises to actively monitor these developments. The first information can be found here.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Risk

Update March 25, 2021, Update available, see the OpenSSL website for the patch.

Update March 22, 2021, OpenSSL announced a new security release (version 1.1.1k), which will be made available on Thursday, March 25, 2021. This post explains that this release offers a solution for a high-impact vulnerability.

Detail info

The patch will be made available on Thursday, March 25, 2021 between 2:00 PM and 5:00 PM Dutch time and more information is expected to become available.

Background

OpenSSL is a widely used solution for encrypting network connections.

Subscribe

Sign up for our technical updates

Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.

Tesorion uses your personal data to send out requested information and possibly for contact by telephone and for marketing and sales purposes. You can change your preferences whenever you want. Read our privacy policy for more information.