diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index b008d5c3..f495faf0 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -145,6 +145,7 @@ check_function_exists(isblank HAVE_ISBLANK)
 check_function_exists(strncpy HAVE_STRNCPY)
 check_function_exists(strtoull HAVE_STRTOULL)
 check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
+check_function_exists(memset_s HAVE_MEMSET_S)
 
 if (HAVE_GLOB_H)
   check_function_exists(glob HAVE_GLOB)
diff --git a/config.h.cmake b/config.h.cmake
index f3b69635..dea776ed 100644
--- a/config.h.cmake
+++ b/config.h.cmake
@@ -163,6 +163,9 @@
 /* Define to 1 if you have the `explicit_bzero' function. */
 #cmakedefine HAVE_EXPLICIT_BZERO 1
 
+/* Define to 1 if you have the `memset_s' function. */
+#cmakedefine HAVE_MEMSET_S 1
+
 /*************************** LIBRARIES ***************************/
 
 /* Define to 1 if you have the `crypto' library (-lcrypto). */
diff --git a/src/misc.c b/src/misc.c
index ac3a623c..c7b34f26 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -1055,11 +1055,15 @@ int ssh_match_group(const char *group, const char *object)
 #if !defined(HAVE_EXPLICIT_BZERO)
 void explicit_bzero(void *s, size_t n)
 {
+#if defined(HAVE_MEMSET_S)
+    memset_s(s, n, '\0', n);
+#else
     memset(s, '\0', n);
 #if defined(HAVE_GCC_VOLATILE_MEMORY_PROTECTION)
     /* See http://llvm.org/bugs/show_bug.cgi?id=15495 */
     __asm__ volatile("" : : "g"(s) : "memory");
 #endif /* HAVE_GCC_VOLATILE_MEMORY_PROTECTION */
+#endif
 }
 #endif /* !HAVE_EXPLICIT_BZERO */