UPDATE: OpenSSL patch available, vulnerability severity scaled down
The OpenSSL development team has just released version 3.0.7. released. This fixes several vulnerabilities. The vulnerability that OpenSSL previously classified as 'critical' has now been scaled down to 'high'. Based on the information that is now available, the NCSC also estimates the severity of the vulnerability to be less than previously thought.
The NCSC has published a security advice with a perspective for action. There is still the possibility that your organization is using a vulnerable version of OpenSSL. The NCSC therefore advises organizations to read the security advice and, where necessary, take action.
In addition, the NCSC is working with partners to obtain the broadest and most up-to-date picture possible of products that use a vulnerable OpenSSL version. A list is maintained for this on GitHub . Please check the list regularly for relevant updates.