A lot of Windows servers are showing Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039) as a High vulnerability in Tenable scans. We did not see any updates for Curl in Windows Updates and also could not find any document that provides guidance on this. Please advise. Thanks.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Hi Saura,
KB5032196 is for Windows Server 2019 as well
Hello SAURA JYOTI TRIPATHY,
Thank you for posting in Microsoft Community forum.
(https://www.tenable.com/plugins/nessus/181409). The stated solution is "Upgrade Curl to version 8.3.0 or later".
You can try to upgrade Curl to version 8.3.0 or later on one test machine and then check if it helps.
Here is a similar thread.
Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039) - Microsoft Q&A
I hope the information above is helpful.
If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
I highly recommend against any attempt to manually update the embedded Windows curl files. Replacing them changes the file hash that Microsoft expects to see when curl is addressed in a cumulative update. The entire update will fail to install.
This advice is based on personal experience with the previous curl finding in Tenable.
Thank you Daisy.
Thank you for the feedback. Since CURL has categorized it as a Medium severity, it seems unlikely that MS would be rolling out an update soon. But will wait and not do manual updates. Thanks again.
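An added example, not part of the thread or any poster's code: a read-only PowerShell audit that reports the bundled curl version against the range in the scanner finding (7.84 through 8.2.1, fixed in 8.3.0), the file's signature status, and whether KB5032196 is listed, without replacing any file. The function names and the default path under `%SystemRoot%\System32` are assumptions of this example.

```powershell
# Added example: audit the Windows-bundled curl.exe without modifying it.
# Range bounds come from the scanner finding title quoted in the thread.
$VulnMin = [version]'7.84.0'
$VulnMax = [version]'8.2.1'

function Test-CurlVersionInRange {
    # Hypothetical helper: parses the first line of `curl.exe --version`,
    # e.g. "curl 8.4.0 (Windows) libcurl/8.4.0 Schannel" (constructed sample).
    param([Parameter(Mandatory)][string]$VersionText)
    if ($VersionText -match '^curl (\d+\.\d+\.\d+)') {
        $v = [version]$Matches[1]
        return [pscustomobject]@{
            Version        = $v
            InFlaggedRange = ($v -ge $VulnMin -and $v -le $VulnMax)
        }
    }
    throw "Unrecognized curl version banner: $VersionText"
}

function Get-BundledCurlStatus {
    # Assumed default location of the curl.exe that ships with Windows.
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\curl.exe'))

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Path = $Path; Present = $false
        }
    }

    $banner = & $Path --version | Select-Object -First 1
    $check  = Test-CurlVersionInRange -VersionText $banner
    # A status other than Valid suggests the file is not the one Microsoft shipped.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    # KB number as named in the thread; empty if that update is not listed.
    $kb     = Get-HotFix -Id 'KB5032196' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Path            = $Path
        Present         = $true
        CurlVersion     = $check.Version
        InFlaggedRange  = $check.InFlaggedRange
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        KB5032196Listed = [bool]$kb
    }
}

Get-BundledCurlStatus | Format-List
```

Run it locally or through `Invoke-Command` across servers; a non-Valid signature status is worth checking first on machines where cumulative updates fail to install.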