168 questions
Hi Saura,
KB5032196 is for Windows Server 2019 as well
How can we remediate CVE-2023-38039 which is showing in lot of Windows servers?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
A lot of Windows servers are showing Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039) as High vulnerability in Tenable scans. We did not see any updates for Curl in Windows Updates and also could not find any document that provides a guidance on this. Please advice. Thanks.
Windows for business | Windows Server | Windows cloud | Other
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
{count} votes
Accepted answer
-
Anonymous
2023-11-15T08:59:18+00:00
18 additional answers
Sort by: Most helpful
-
Anonymous
2023-10-05T00:58:29+00:00 Hello SAURA JYOTI TRIPATHY,
Thank you for posting in Microsoft Community forum.
(https://www.tenable.com/plugins/nessus/181409). The stated solution is "Upgrade Curl to version 8.3.0 or later".
You can try to upgrade Curl to version 8.3.0 or later on one test machine and then check if it helps.
Here is a similar thread.
Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039) - Microsoft Q&AI hope the information above is helpful.
If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou -
Anonymous
2023-10-06T15:33:21+00:00 I highly recommend against any attempt to manually update the embedded Windows curl files. Replacing them changes the file hash that Microsoft expects to see when curl is addressed in a cumulative update. The entire update will fail to install.
This advice is based on personal experience with the previous curl finding in Tenable.
-
Anonymous
2023-10-07T02:06:39+00:00 Thank you Daisy.
-
Anonymous
2023-10-07T02:09:28+00:00 Thank you for the feedback. Since CURL has categorized it as a Medium severity, it seems unlikely that MS would be rolling out an update soon. But will wait and not do manual updates. Thanks again.