Updating curl.exe on Windows servers

New Contributor

Hi all,


We've been getting curl.exe coming up as a vulnerability in scans. Looks like this was added to Windows, but isn't really kept updated via MS update... seems like a bad practice. Anyway - what's the recommended way to update the curl.exe? Just manually replace the file with the latest version? Are there any potential issues that could arise from doing this? 


Thanks for any help.

3 Replies
best response confirmed by PalmerEldritch (New Contributor)

@PalmerEldritch Daniel Stenberg the main developer behind cURL has addressed this in a blog post here -


The TLDR is that manually modifying files inside the system folder is not supported and may cause future updates to fail. Microsoft has supposably shipped an updated cURL.exe in the April 2023 Cumulative. Update - are you still seeing a vulnerable version with the latest updates installed?

Update curl.exe like you update all operating system files - by applying monthly cumulative updates (or other hotfixes provided by microsoft). Manually replacing the file will break Windows, don't do it.
Thanks - I didn't want to attempt to manually update anything anyway. It just seems like a long time for this to be at a fairly old version. Hopefully MS remembers to keep it updated going forward. Odd that it finally was just in this month's patches. I'll check to see if it gets updated after the April update is applied.