Forum Discussion
Updating curl.exe on Windows servers
PalmerEldritch Daniel Stenberg the main developer behind cURL has addressed this in a blog post here - https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/
The TLDR is that manually modifying files inside the system folder is not supported and may cause future updates to fail. Microsoft has supposably shipped an updated cURL.exe in the April 2023 Cumulative. Update - are you still seeing a vulnerable version with the latest updates installed?
PalmerEldritch Daniel Stenberg the main developer behind cURL has addressed this in a blog post here - https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/
The TLDR is that manually modifying files inside the system folder is not supported and may cause future updates to fail. Microsoft has supposably shipped an updated cURL.exe in the April 2023 Cumulative. Update - are you still seeing a vulnerable version with the latest updates installed?
Yes we are still experiencing the same issue. Qualys is also detecting this vulnerability still on our Win Server 2022 as a QID 380508 Libcurl Denial of Service (DoS) Vulnerability.
Does anybody have any advice how to update native windows versions of curl.exe located in:
%windir%\System32\curl.exe
%windir%\SysWOW64\curl.exe
Thank you in advance.
Also seeing this from Qualys scans and wondering if MS will be coming with a patch to update. I have seen a number of negative posts with manually updating this curl.exe causing all types of OS issues.
