Forum Discussion
Solved
Updating curl.exe on Windows servers
Hi all, We've been getting curl.exe coming up as a vulnerability in scans. Looks like this was added to Windows, but isn't really kept updated via MS update... seems like a bad practice. Anyway -...
PalmerEldritch Daniel Stenberg the main developer behind cURL has addressed this in a blog post here - https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/
The TLDR is that manually modifying files inside the system folder is not supported and may cause future updates to fail. Microsoft has supposably shipped an updated cURL.exe in the April 2023 Cumulative. Update - are you still seeing a vulnerable version with the latest updates installed?
Hello,
Yes we are still experiencing the same issue. Qualys is also detecting this vulnerability still on our Win Server 2022 as a QID 380508 Libcurl Denial of Service (DoS) Vulnerability.
Does anybody have any advice how to update native windows versions of curl.exe located in:
%windir%\System32\curl.exe
%windir%\SysWOW64\curl.exe
Thank you in advance.
Yes we are still experiencing the same issue. Qualys is also detecting this vulnerability still on our Win Server 2022 as a QID 380508 Libcurl Denial of Service (DoS) Vulnerability.
Does anybody have any advice how to update native windows versions of curl.exe located in:
%windir%\System32\curl.exe
%windir%\SysWOW64\curl.exe
Thank you in advance.
Also seeing this from Qualys scans and wondering if MS will be coming with a patch to update. I have seen a number of negative posts with manually updating this curl.exe causing all types of OS issues.