Zoom vulnerability related to OpenSSL libraries (libcrypto-3-zm.dll and libssl-3-zm.dll) detected by security.microsoft.com | Community
Skip to main content
New Member
July 6, 2026
Question

Zoom vulnerability related to OpenSSL libraries (libcrypto-3-zm.dll and libssl-3-zm.dll) detected by security.microsoft.com

  • July 6, 2026
  • 0 replies
  • 8 views

Hello Zoom Community,

 

We are currently deploying Zoom Workplace 7.1.0 across our Windows 11 enterprise environment and have identified an issue reported by Microsoft Defender Vulnerability Management.

Microsoft Defender is detecting the bundled OpenSSL libraries within the Zoom installation as vulnerable:

  • libcrypto-3-zm.dll – Version 3.4.4.0
  • libssl-3-zm.dll – Version 3.4.4.0

These files are located under:

 
C:\Users\<username>\AppData\Roaming\Zoom\bin\

 

As a result, Microsoft Defender is generating an "Update owning apps: vulnerable OpenSSL libraries detected" recommendation and associating these files with multiple OpenSSL CVEs (including CVE-2026-28387 and additional OpenSSL vulnerabilities).

This currently affects all of our deployed Zoom clients.

 

Could you please advise:

  1. Are these vulnerabilities acknowledged by Zoom for Zoom Workplace 7.1.0?
  2. Is Zoom planning to update the bundled OpenSSL libraries to a version that addresses these CVEs (for example, OpenSSL 3.4.5 or later)?
  3. Is there an estimated timeline or target release for this update?
  4. Are there any mitigations or official guidance from Zoom while we await an updated release?

We would appreciate any information you can provide, as these findings are currently being reported across our Microsoft Defender Vulnerability Management dashboard and are impacting our enterprise vulnerability compliance reporting.

 

Thank you for your assistance.