Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Score big with last-minute savings on the final tickets to FabCon Vienna. Secure your discount

Reply
david147brown
New Member

MS needs to update OpenSSL within On Premise Data Gateway

‎10-15-2024 01:11 AM

MS seem to keep shipping software with OpenSSL vulnerabilities, and dont update openSSL to the latest versions.

 

This means that I have security vulnerabilities all over the place to do with

 

PowerBI desktop

On Premises data gateway

Visual Studio

as well as a raft of Azure VM configuration and management extensions

 

Does anyone know if they get round to updating these?

Labels:
Message 1 of 5
1,189 Views
4 REPLIES 4
pmemar
Regular Visitor

‎11-21-2024 03:56 AM

We’re seeing the same issue flagged by Microsoft Defender, which shows an attack path due to a vulnerability. The root cause is the outdated OpenSSL version in the Simba Spark ODBC connector, last updated 6 months ago.

Since the on-premises data gateway uses this connector, it also inherits the vulnerability. We’re waiting for an update to fix this issue, and we believe Microsoft should address this risk promptly.

Message 3 of 5
988 Views
0
Anonymous
Not applicable
In response to pmemar

‎11-27-2024 05:05 PM

Hi @david147brown ,
I am sorry to reply you after so long, at present Microsoft official has noticed this problem, about the Open ssl vulnerability, the solution given at present is that it will be fixed in the future desktop version, if the fixed version is released, I will notify you the latest desktop version number at the first time, I hope this can be helpful for your query!

Message 4 of 5
936 Views
pmemar
Regular Visitor
In response to Anonymous

‎12-19-2024 04:05 AM

Hi @Anonymous ,

 

Unfortunately, the new update still suffers from the same vulnerability. We are looking forward to receiving an updated patch from Microsoft.

Message 5 of 5
826 Views
0
Anonymous
Not applicable

‎10-15-2024 06:27 PM

Hi @david147brown,
It looks like you have a very serious problem, and it is recommended that users regularly check for security bulletins issued by the Microsoft Security Response Center (MSRC).
I would recommend checking regularly for security bulletins issued by the Microsoft Security Response Center (MSRC).The MSRC typically releases regular security updates related to various products including Power BI, On-Premises Data Gateway, and Visual Studio, etc., and if a new OpenSSL security vulnerability is disclosed, the If a new OpenSSL security vulnerability is disclosed, the MSRC will issue a patch or mitigation.

Microsoft Security Response Center

In order to enhance the security of On-Premises Data Gateway, it is recommended that you take more detailed cybersecurity measures to minimize the risk of potential attacks, here are the relevant documents that I found for you, I hope it will help you!
View and manage on-premises data gateways - Power Platform | Microsoft Learn

Azure network security groups overview | Microsoft Learn

If none of the above measures are of practical help to you, and your feedback is particularly urgent, we recommend that you contact Microsoft's Technical Support team directly and submit a work order to expedite the process.
This approach ensures that the issue is formally documented and may prompt a quicker response from the product team.

Hope it helps!

Best regards,
Community Support Team_ Tom Shen

If this post helps then please consider Accept it as the solution to help the other members find it more quickly.

 

Message 2 of 5
1,133 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Kudoed Authors
View All