Buy commercial curl support from
WolfSSL. We help you work out your issues, debug your libcurl
applications, use the API, port to new platforms, add new features and more.
With a team lead by the curl founder himself.
Re: Curl vulnerability
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jeffrey Walton via curl-users <curl-users_at_lists.haxx.se>
Date: Thu, 7 Mar 2024 08:32:17 -0500
On Wed, Mar 6, 2024 at 4:41 PM Singh Bisht \ Anand via curl-users
<curl-users_at_lists.haxx.se> wrote:
>
>
> We have vulnerability of Curl in our environment which require to update curl to above or equal to 8.4 version. Could you provide us the steps to upgrade the curl without deleting or modifying the existing curl exe as we will be using deployment tool to update the curl. When we manually try to rename the existing file in order to place latest curl.exe file it gave error which says “ you require permission from trustedinstaller to make changes to file.”
cURL is a default component of Windows. Microsoft should be updating
it. See <https://curl.se/windows/microsoft.html> and
<https://learn.microsoft.com/en-us/virtualization/community/team-blog/2017/20171219-tar-and-curl-come-to-windows>.
Maybe you can reach out to Microsoft Global Security at
<secure_at_microsoft.com>. I think they also respond to
<security_at_microsoft.com>.
Jeff
Date: Thu, 7 Mar 2024 08:32:17 -0500
On Wed, Mar 6, 2024 at 4:41 PM Singh Bisht \ Anand via curl-users
<curl-users_at_lists.haxx.se> wrote:
>
>
> We have vulnerability of Curl in our environment which require to update curl to above or equal to 8.4 version. Could you provide us the steps to upgrade the curl without deleting or modifying the existing curl exe as we will be using deployment tool to update the curl. When we manually try to rename the existing file in order to place latest curl.exe file it gave error which says “ you require permission from trustedinstaller to make changes to file.”
cURL is a default component of Windows. Microsoft should be updating
it. See <https://curl.se/windows/microsoft.html> and
<https://learn.microsoft.com/en-us/virtualization/community/team-blog/2017/20171219-tar-and-curl-come-to-windows>.
Maybe you can reach out to Microsoft Global Security at
<secure_at_microsoft.com>. I think they also respond to
<security_at_microsoft.com>.
Jeff
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-03-07