Patch for cURL 8.4.0 CVE-2023-38545 ETA?

Alexis Martinez 50 Reputation points
2023-10-27T16:00:05.5166667+00:00

Any ETA when a patch for cURL 8.4.0 will be released. We currently see that cURL 8.4.0 has been released by the cURL project, but Microsoft hasn't released a patch for this? We need to get this patched immediately on our Windows 10 and Server appliances.

Our team has attempted to copy and paste the new version of cURL, but it appears that it reverts to the old version of cURL when a hardlink exists to the Windows Component Store. The only viable route would be to have Microsoft release a patch.

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Windows for business | Windows Server | Devices and deployment | Configure application groups
Windows for business | Windows Client for IT Pros | User experience | Other
{count} votes

3 answers

Sort by: Most helpful
  1. abbodi86 4,036 Reputation points
    2023-11-12T20:09:21.51+00:00

    curl.exe 8.4.0.0 will be included with 2023-11 LCUs:

    KB5032196: Win10 1809

    KB5032189: Win10 22H2

    KB5032198: Server 2022

    KB5032192: Win11 21H2

    KB5032190: Win11 22H2/23H2

    KB5032202: Server 23H2

    2 people found this answer helpful.

  2. Tyler Hodges 0 Reputation points
    2023-10-31T17:29:50.8833333+00:00

    Artic Wolf is showing this as a MySql vuln but nothing shows in Defender for Endpoint. Where's the patch?

    0 comments No comments

  3. Anonymous
    2023-12-05T06:51:33.68+00:00

    Hello Alexis Martinez

    Microsoft has included curl.exe version 8.4.0 in the Windows Update released on November 14, 2023, for currently supported on-premises versions of Windows clients and servers.

    You need to manually add the patch of the corresponding version from https://www.catalog.update.microsoft.com/Home.aspx, please refer to this link for the patch of the corresponding version:

    CVE-2023-38545 - Security Update Guide - Microsoft - Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow.

    Best Regards,

    Hania Lian

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.