On November 1, 2022, the OpenSSL Project released a security advisory describing two high-severity vulnerabilities found in the library. The affected versions of OpenSSL are 3.0.0 to 3.0.6. The vulnerabilities are tracked as CVE-2022-3602 and CVE-2022-3786.
These CVEs have been widely covered by online sources, and OpenSSL published a blog post answering the most common questions from the public. Even though exploitation is very difficult, it has been proven possible on Windows machines.
Virtru services are not affected, and no customer action is required. Our software is not shipped with OpenSSL 3.0. However, we encourage customers to check their operating systems to ensure there are no affected versions of OpenSSL installed, and upgrade to patched versions if appropriate.
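One way to run the check suggested above, as an added example (not Virtru's or the OpenSSL Project's code): a POSIX shell function that classifies the banner printed by `openssl version` against the affected range 3.0.0 to 3.0.6. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# classify_openssl_banner "<output of 'openssl version'>"
# Prints: affected | not-affected | unknown
# "affected" means the upstream version is in 3.0.0..3.0.6. Distribution
# packages may backport fixes without changing this version string, so
# confirm an "affected" result against the distributor's advisory.
classify_openssl_banner() {
    banner=$1
    case $banner in
        OpenSSL\ *) ;;                    # upstream OpenSSL banners only
        *) echo unknown; return 0 ;;      # LibreSSL, empty output, ...
    esac
    ver=$(printf '%s\n' "$banner" | awk '{print $2}')   # e.g. 3.0.5, 1.1.1q
    core=${ver%%[-+]*}                    # drop suffixes such as "-fips"
    case $core in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;      # not major.minor.patch
    esac
    major=${core%%.*}
    rest=${core#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}               # "1q" -> "1"
    case "$major$minor$patch" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 6 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Classify whatever "openssl" resolves to on PATH, if anything.
check_local_openssl() {
    if command -v openssl >/dev/null 2>&1; then
        local_banner=$(openssl version 2>/dev/null)
        printf '%s -> %s\n' "$local_banner" \
            "$(classify_openssl_banner "$local_banner")"
    else
        echo "no openssl binary on PATH"
    fi
}

# Constructed sample banners, then the local system.
for sample in "OpenSSL 3.0.5 5 Jul 2022" "OpenSSL 1.1.1q  5 Jul 2022" "LibreSSL 3.3.6"; do
    printf '%s -> %s\n' "$sample" "$(classify_openssl_banner "$sample")"
done
check_local_openssl
```

This only inspects the `openssl` binary on `PATH`; applications that bundle or statically link their own copy of the library need to be checked separately.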