Hello everyone!
This forum post is to notify about Windows vulnerabilities in cURL.exe that has been detected by Vulnerability Manager Plus in your enterprise network.
cURL.exe is present by default in your Windows10 and 11 machines and cURL 7.83.1 version, supported by Microsoft is reported as vulnerable.
The EXE location is C:\Windows\System32\curl.exe
How to upgrade to the latest cURL version?
The cURL vendors have released the latest version but Microsoft has not yet released the fixed cURL version 7.88.1. You need to directly contact Microsoft support to update cURL to the latest version.
Note: You will be able to deploy the patches from Vulnerability Manager Plus console once patches are released by Microsoft.
In case of any queries, kindly contact vulnerabilitymanagerplus-support@manageengine.com