Forum Discussion
Updating curl.exe on Windows servers
PalmerEldritch Daniel Stenberg the main developer behind cURL has addressed this in a blog post here - https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/
The TLDR is that manually modifying files inside the system folder is not supported and may cause future updates to fail. Microsoft has supposably shipped an updated cURL.exe in the April 2023 Cumulative. Update - are you still seeing a vulnerable version with the latest updates installed?
PalmerEldritch Daniel Stenberg the main developer behind cURL has addressed this in a blog post here - https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/
The TLDR is that manually modifying files inside the system folder is not supported and may cause future updates to fail. Microsoft has supposably shipped an updated cURL.exe in the April 2023 Cumulative. Update - are you still seeing a vulnerable version with the latest updates installed?
mulanaMicrosoft
Hi,
We are also seeing this vulnerability present even with the latest update of the Windows Server 2019 Datacenter (version 1809, OS build 17763.6775). Any ideas?
Thanks!- Hello,
Yes we are still experiencing the same issue. Qualys is also detecting this vulnerability still on our Win Server 2022 as a QID 380508 Libcurl Denial of Service (DoS) Vulnerability.
Does anybody have any advice how to update native windows versions of curl.exe located in:
%windir%\System32\curl.exe
%windir%\SysWOW64\curl.exe
Thank you in advance.Also seeing this from Qualys scans and wondering if MS will be coming with a patch to update. I have seen a number of negative posts with manually updating this curl.exe causing all types of OS issues.
- Thanks - I didn't want to attempt to manually update anything anyway. It just seems like a long time for this to be at a fairly old version. Hopefully MS remembers to keep it updated going forward. Odd that it finally was just in this month's patches. I'll check to see if it gets updated after the April update is applied.
