Update cURL 7.88.1 Windows Server

Saeed Ramirez 150 Reputation points
2023-03-03T17:26:50.16+00:00

Hello, I appreciate your support with the following:

Until the day of this post, our vulnerability detection tool has detected the curl 7.87.0 version on the network as vulnerable, which appears in most windows server operating systems in an integrated way.

Currently, the updated version 7.88.1 appears on the official curl page, but he was unable to find the appropriate method to update the curl program.

I would appreciate it if you could provide me with the correct method for updating the program or if you have information on the patch/update of the operating system that will address this vulnerability.

Thank you!

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,547 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,418 questions
{count} votes

3 answers

Sort by: Most helpful
  1. pronichkin 26 Reputation points
    2023-04-11T22:17:40.14+00:00

    The issue is resolved with April, 11th round of updates for all supported operating systems. (e.g., KB5025229 for Windows Server 2019, KB5025230 for Windows Server 2022.) The inbox version of curl.exe (located at %WinDir%\System32\curl.exe) has been updated to version 8.0.1 which addresses CVE-2022-43552. Note that if some other software installed curl.exe to another location, it needs to be updated separately.

    3 people found this answer helpful.
    0 comments No comments

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    5 deleted comments

    Comments have been turned off. Learn more

  3. Limitless Technology 44,071 Reputation points
    2023-03-07T08:30:22.21+00:00

    Hello there,

    Several users have shared similar concerns and this might be addressed in upcoming security patches hopefully.

    Meanwhile, it is not advised to disable it. Most vendor APIs are going to rely on curl instead of wget. It’s not that you need to be able to curl against Windows Server, it’s that it’s very likely your Windows Server will need to curl to an upstream server as part of an automation pipeline.

    Tenable vulnerability scanner had flagged several of the above vulnerabilities associated with cURL

    You can raise feedback to the Microsoft team. The Feedback Hub app lets you tell Microsoft about any problems you run into https://support.microsoft.com/en-us/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer–