This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
From our security scan we have a higher vulnerability of curl version 7.68 on Windows server 2022 and the recommended to fix the vulnerability is to update curl to 8.4.0 or above version . Please have a look and advise.
Regard,
Hamimu.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
This is not for installations that ship with windows! MS need to ship the updated curl.exe since they made it part of the system.
The maintainer himself advises the following: https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/
Please advise when MS are going to do this.
Thanks
so what KB MS provided to update to Curl 8.4?
so what KB MS provided to update to Curl 8.4?
There isn't any. Check their CVE page daily if and when patches are released-->
Microsoft is fully aware of this issue and is actively working to release version 8.4.0 of curl.exe in a future Windows update for currently supported, on-premise versions of Windows clients and servers. The Security Updates table for this CVE will be updated with the Windows update KB numbers for all supported versions as they are released
Hello everyone there is a way to update this vulnerability I was able to do it successfully on Windows server 2019.
Step 1: Go to https://www.msys2.org/ and download the installer. Also Git will need to be installed as well https://git-scm.com/downloads
Step 2: After downloading MSYS2, open the application. Copy the following commands in order. If you're doing it from the command prompt , use "set" instead of "export".
You should now have the latest curl 8.4.0! :)
References: https://learn.microsoft.com/en-us/vcpkg/users/platforms/mingw
