Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: curl in Windows found vulnerable by scanners
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Hans Henrik Bergan via curl-users <curl-users_at_lists.haxx.se>
Date: Thu, 2 Nov 2023 16:47:52 +0100
fixing the built-in curl basically requires mounting the filesystem on
a Linux system and updating the curl.exe from there
- and even that only works until someone runs "sfc /scannow"
better to just wait until Microsoft get their shit together.
On Thu, 2 Nov 2023 at 16:41, Bill Mercer via curl-users
<curl-users_at_lists.haxx.se> wrote:
>
> > I've been told that a new curl version arrives “in a coming security update”.
>
> Removing or replacing the MS version is problematic because its protected under trusted installer.
> For mitigation you can place a newer curl version in a higher path so it gets executed by default, and you can use application control policy to prevent execution of the older versions, but the MS version will still show up if you're doing file scanning, so your best option is probably to request an exception on the scan until MS gets their act together.
>
>
>
>
>
>
>
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
> Etiquette: https://curl.se/mail/etiquette.html
Date: Thu, 2 Nov 2023 16:47:52 +0100
fixing the built-in curl basically requires mounting the filesystem on
a Linux system and updating the curl.exe from there
- and even that only works until someone runs "sfc /scannow"
better to just wait until Microsoft get their shit together.
On Thu, 2 Nov 2023 at 16:41, Bill Mercer via curl-users
<curl-users_at_lists.haxx.se> wrote:
>
> > I've been told that a new curl version arrives “in a coming security update”.
>
> Removing or replacing the MS version is problematic because its protected under trusted installer.
> For mitigation you can place a newer curl version in a higher path so it gets executed by default, and you can use application control policy to prevent execution of the older versions, but the MS version will still show up if you're doing file scanning, so your best option is probably to request an exception on the scan until MS gets their act together.
>
>
>
>
>
>
>
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
> Etiquette: https://curl.se/mail/etiquette.html
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-11-02