Posted on

OpenSSL up to 1.0.2s/1.1.0k/1.1.1c on Windows mingw OPENSSLDIR privilege escalation

A vulnerability has been found in OpenSSL up to 1.0.2s/1.1.0k/1.1.1c on Windows (Network Encryption Software) and classified as critical. Affected by this vulnerability is an unknown function of the component mingw. Upgrading to version 1.0.2t, 1.1.0l or 1.1.1d eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.openssl.org. The best possible mitigation is suggested to be upgrading to the latest version.