cURL Update

Gary Wooten [C] 0 Reputation points
2023-09-08T22:23:15.7066667+00:00
Are there any Microsoft solutions to address the finding below: 

Curl Use-After-Free < 7.87 (CVE-2022-43552)
Nessus Plugin: 171859
PUBLISHED: Feb 23, 2023
LAST MODIFIED: Sep 1, 2023
IAVA:2023-A-0008


  Path              : C:\Windows\SysWOW64\curl.exe
  Installed version : 7.83.1.0
  Fixed version     : 7.87.0

  Path              : C:\Windows\System32\curl.exe
  Installed version : 7.83.1.0
  Fixed version     : 7.87.0
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Client for IT Pros | User experience | Other

2 answers

  1. CNBIT 10 Reputation points
    2023-10-13T13:31:40.9466667+00:00

    Hi Gary, I hope you have not followed the solution provided before, as it actually opens a whole new can of worms. We did a similar set of steps and later found this actually corrupts the Windows components store for Curl, and it is no longer able to be successfully patched by Microsoft Updates, forcing you to have to update manually each time. Please see the article below from the creator of Curl himself talking about how this is a bad idea.

    https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/comment-page-1/

    Luckily, as of April 2023, Microsoft patches do update older versions of Curl to 8.0.1.0 at the time of this comment. If you have already manually updated Curl (like we did), the below steps from the comments section of that same linked article helped us to repair the Windows component store.

    • Take ownership of Curl in both System32 and SysWOW64 again if you are not already the owner
    • Delete both instances of Curl.exe
    • Run the command dism /Online /Cleanup-Image /RestoreHealth in Command Prompt or PowerShell
    • Allow the previous command to finish (this can take quite a while, so patience is key), then run SFC /scannow

    Once both of those commands have completed, there should now be a new and uncorrupted instance of Curl in those system folders. This can also be verified by checking the CBS.log file once the commands have finished.

    Hope this helps

    2 people found this answer helpful.
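
The state this answer describes, a hand-replaced curl.exe that Windows servicing can no longer patch, can be checked before and after the repair with the read-only script below, which is an added example and not part of the thread. It compares both curl.exe copies against the fixed version from the scan and treats a binary that does not verify as Microsoft-signed as manually replaced; that heuristic, the function name `Get-CurlServicingState` and the default CBS.log location are assumptions.

```powershell
# Added example, not from the thread. Read-only; run in an elevated 64-bit PowerShell.
$FixedVersion = [version]'7.87.0.0'   # "Fixed version" from the scan output in the question
$CurlPaths    = 'C:\Windows\System32\curl.exe', 'C:\Windows\SysWOW64\curl.exe'
$CbsLog       = Join-Path $env:windir 'Logs\CBS\CBS.log'   # assumed default location

function Get-CurlServicingState {   # hypothetical helper name
    param([string[]]$Path, [version]$Fixed)
    foreach ($p in $Path) {
        $row = [ordered]@{ Path = $p; Version = $null; AtOrAboveFixed = $false
                           MicrosoftSigned = $false; Finding = '' }
        if (-not (Test-Path -LiteralPath $p)) {
            $row.Finding = 'Missing: run DISM /RestoreHealth, then SFC /scannow'
        } else {
            $vi  = (Get-Item -LiteralPath $p).VersionInfo
            $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
            $sig = Get-AuthenticodeSignature -LiteralPath $p
            # Assumption: the OS-shipped curl.exe verifies as Microsoft-signed, so any
            # other result is treated as a manually replaced binary.
            $ms  = $sig.Status -eq 'Valid' -and
                   $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
            $row.Version         = $ver
            $row.AtOrAboveFixed  = $ver -ge $Fixed
            $row.MicrosoftSigned = $ms
            $row.Finding = if (-not $ms) {
                'Not Microsoft-signed: likely replaced by hand; repair the component store'
            } elseif ($ver -lt $Fixed) {
                'Microsoft build below fixed version: install pending Windows updates'
            } else { 'OK' }
        }
        [pscustomobject]$row
    }
}

Get-CurlServicingState -Path $CurlPaths -Fixed $FixedVersion | Format-List

# After DISM and SFC have finished, show the latest CBS.log lines that mention curl.exe.
if (Test-Path -LiteralPath $CbsLog) {
    Select-String -LiteralPath $CbsLog -Pattern 'curl\.exe' |
        Select-Object -Last 10 | ForEach-Object { $_.Line }
}
```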

  2. Limitless Technology 44,766 Reputation points
    2023-09-11T15:22:36.49+00:00

    Hello

    Thank you for your question and reaching out.

    Similar worries have been voiced by a number of users, and hopefully, this will be addressed in upcoming security patches.

    Several of the aforementioned vulnerabilities linked to cURL were highlighted by Tenable's vulnerability scanner.

    You can provide the Microsoft team with feedback. By using the Feedback Hub app, you can notify Microsoft of any issues you encounter.

    https://support.microsoft.com/en-us/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332

    Workaround:

    Download the latest curl version (8.0.1) or higher -> Unzip it.

    Take ownership of curl.exe (C:\Windows\System32).

    Then rename or delete the old curl.exe.

    Copy in the new version.

    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.
