I recently resolved an issue on my laptop where Microsoft Defender flagged OpenSSL vulnerabilities in the following Intel Client Security (ICLS) driver files:
c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_c25dbc60ad3b371a\lib\libcrypto-3-x64.dll (OpenSSL Version: 3.0.14.0)
c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_c25dbc60ad3b371a\lib\libssl-3-x64.dll (OpenSSL Version: 3.0.14.0)
Here’s how I fixed it, step by step:
1) Confirmed the Issue:
In Device Manager, under System devices, I located Intel(R) Management Engine Interface. The installed ICLS driver version was 1.74.210.0. Checking the file properties of the flagged DLLs confirmed they were using OpenSSL 3.0.14.0, matching Defender’s alert.
2) Updated the Driver:
I downloaded the latest Intel Management Engine driver package (Intel_R_ME_SW_2507.7.10.0.zip) from Intel’s website. Using the ICLS driver included in this package, I updated the driver via Device Manager. Post-update, the new driver version loaded was 1.75.121.0, and the bundled OpenSSL version upgraded to 3.0.15, which patches the vulnerabilities.
3) Noticed Residual Files:
The update created a new folder in c:\windows\system32\driverstore\filerepository\ with the updated files but left the old folder (iclsclient.inf_amd64_c25dbc60ad3b371a) intact. Defender could still detect the vulnerable 3.0.14.0 files in the old folder.
4) Removed the Old Driver:
I ran pnputil /enum-drivers in an Admin Command Prompt to list all installed driver packages. This showed both the old (1.74.210.0) and new (1.75.121.0) ICLS drivers, each tied to an oemXX.inf file.
I removed the old driver with: pnputil /delete-driver oemXX.inf /uninstall (Replace oemXX.inf with the actual name from your list.)
This deleted the old folder and its vulnerable OpenSSL files. Then I rebooted to verify nothing has been broken.
5) Verified the Fix:
The vulnerable files were no longer flagged on Defender, confirming the issue was resolved.
Notes:
OpenSSL 3.0.14.0 has known vulnerabilities (e.g., CVE-2024-5535), fixed in 3.0.15.
Manually deleting DriverStore folders isn’t advised—use pnputil to avoid issues.
Check your specific oemXX.inf number in the pnputil /enum-drivers output before deleting.
This worked for me without breaking anything. Hopefully, it helps others facing the same Defender alerts!