Share via

Vulnerabilities within Azure Monitor Windows Agent

Maciej Kurzeja 55 Reputation points
2025-12-01T12:35:18.7433333+00:00

Microsoft Defender is alerting us that 'Azure Monitor Windows Agent' in newest version 1.39.0.0 is still using vulnerable OpenSSL libraries (3.5.1.0 and 3.5.2.0) which are vulnerable to CVE-2025-9230, CVE-2025-9231, CVE-2025-9232.

Vulnerabilites are fixed in version 3.5.4.0.

Can you provide ETA when this will be fixed?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-01T12:35:37.2566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The context provided does not contain specific information regarding the timeline for fixing vulnerabilities in the Azure Monitor Windows Agent or the OpenSSL libraries mentioned. Therefore, I cannot provide an estimated time of arrival (ETA) for when these vulnerabilities will be addressed. It is advisable to monitor official Microsoft channels or documentation for updates on this issue.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.