Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
RE: curl in Windows found vulnerable by scanners
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Bill Mercer via curl-users <curl-users_at_lists.haxx.se>
Date: Thu, 2 Nov 2023 15:41:31 +0000
> I've been told that a new curl version arrives “in a coming security update”.
Removing or replacing the MS version is problematic because its protected under trusted installer.
For mitigation you can place a newer curl version in a higher path so it gets executed by default, and you can use application control policy to prevent execution of the older versions, but the MS version will still show up if you're doing file scanning, so your best option is probably to request an exception on the scan until MS gets their act together.
Date: Thu, 2 Nov 2023 15:41:31 +0000
> I've been told that a new curl version arrives “in a coming security update”.
Removing or replacing the MS version is problematic because its protected under trusted installer.
For mitigation you can place a newer curl version in a higher path so it gets executed by default, and you can use application control policy to prevent execution of the older versions, but the MS version will still show up if you're doing file scanning, so your best option is probably to request an exception on the scan until MS gets their act together.
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-11-02