Forum Discussion
Solved
Updating curl.exe on Windows servers
Hi all, We've been getting curl.exe coming up as a vulnerability in scans. Looks like this was added to Windows, but isn't really kept updated via MS update... seems like a bad practice. Anyway -...
PalmerEldritch Daniel Stenberg the main developer behind cURL has addressed this in a blog post here - https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/
The TLDR is that manually modifying files inside the system folder is not supported and may cause future updates to fail. Microsoft has supposably shipped an updated cURL.exe in the April 2023 Cumulative. Update - are you still seeing a vulnerable version with the latest updates installed?
Hello,
Update curl.exe like you update all operating system files - by applying monthly cumulative updates (or other hotfixes provided by microsoft). Manually replacing the file will break Windows, don't do it.
Update curl.exe like you update all operating system files - by applying monthly cumulative updates (or other hotfixes provided by microsoft). Manually replacing the file will break Windows, don't do it.