• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Download VulnDetect Installer
  • Login
SecTeer VulnDetect & PatchPro Support Forum VulnDetect
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Download VulnDetect Installer
  • Login

[Solved] "Windows curl" detected as "Insecure"

Scheduled Pinned Locked Moved Solved Detection Issues
5 Posts 2 Posters 367 Views 2 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G Offline
    GregAlexandre
    last edited by OLLI_S 6 Jun 2020, 12:20 31 May 2020, 16:09

    Hi,

    Windows curl (x32 or X64) detected as insecure. I assume it must be updated by MS thru Windows Update not by downloading the executable from project source. Am I right?

    Regards.

    c1dcd23b-2fdc-4873-ba4f-284da304d99a-image.png

    Regards.

    1 Reply Last reply Reply Quote 0
    • T Offline
      Tom VulnDetect Team Member
      last edited by 31 May 2020, 18:17

      Thank you for reporting this.

      It appears that MS started to ship cURL with Windows at some point. Looking at their Security Update Guide it is not immediately clear that they updated it.

      I would be surprised if they didn't, but until we find evidence to support that they do back port security fixes, then we will continue to flag it as insecure.

      We will soon start to track and show Windows Updates, as part of that we will try to keep an eye out for evidence of cURL related updates.

      Until then, I recommend using the official cURL executable.

      /Tom
      Download the latest SecTeer VulnDetect agent here:
      https://vulndetect.com/dl/secteerSetup.exe

      G 1 Reply Last reply 1 Jun 2020, 18:34 Reply Quote 0
      • G Offline
        GregAlexandre
        last edited by 1 Jun 2020, 18:31

        @Tom : If I am not wrong it is the second time we have this issue with curl. First one was at the very beginning of Secteer. 🙂

        1 Reply Last reply Reply Quote 0
        • G Offline
          GregAlexandre @Tom
          last edited by GregAlexandre 6 Jan 2020, 18:35 1 Jun 2020, 18:34

          @Tom : https://vulndetect.org/topic/122/solved-7-zip-portable-version-not-detected/3?_=1591035301771 not as old as I remembered ! 🙂

          1 Reply Last reply Reply Quote 0
          • G Offline
            GregAlexandre
            last edited by 6 Jun 2020, 11:44

            Windows curl not updated but no more displayed as insecure.
            So: fixed.

            1 Reply Last reply Reply Quote 0
            3 out of 5
            • First post
              3/5
              Last post
            Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

            Please see our Privacy and Data Processing Policy
            Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
            Forum software by NodeBB