How am I subject to this zero-day? Let’s use Defender

Microsoft Defender Vulnerability notifications sent an email informing about a new zero-day in Open SSL. I don’t use Open SSL intentionally so how am I subject to this zero-day? We’re going to use Defender to find out and then remove the vulnerability.

A new zero-day notification arrived via email from Defender

Find the problem application and associated files

The question to answer is which of the products that I use, contain this vulnerability? Let’s click on the View recommendations button and find out. Moving to the Vulnerable files tab provides the fastest way to the answer. Zoom contains the dll’s affected by this zero-day. I checked for an update in Zoom and there wasn’t one yet.

If you’re not starting from the vulnerability email, then go to, the home of Defender, expand Endpoints, Vulnerabilities and Recommendations. This is where you can find the most current list of vulnerability alerts for your company.

As found in Defender vulnerabilities

If you are starting from the email, then you’ll be brough straight into the vulnerability section of Defender, where you can begin to take action.

View the list of effected files.

Delete the files

Since there isn’t an update I can apply yet, I use the Vulnerable files tab to provide me with a list of where the files are in my network that I need to delete. This will likely break zoom for the time being. I’ll have to be aware that if I enter another zoom meeting before the update is available that they may very well return to my computer. I’ll make sure to prioritize the installation of updates from Zoom.

Using the path provided, the files are easily deleted. You can do this manually if it’s just a computer or two, or you can use your RMM tool to remove them. Since it’s an application path the storage location will always be the same.

All we do is support IT professionals. Security communityMSP Legislation communityIntune, Defender and Lighthouse communityPeer groupscoursespapersBusiness consulting and more.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.