[Solved] "Windows curl" detected as "Insecure"
-
Hi,
Windows curl (x32 or X64) detected as insecure. I assume it must be updated by MS thru Windows Update not by downloading the executable from project source. Am I right?
Regards.
Regards.
-
Thank you for reporting this.
It appears that MS started to ship cURL with Windows at some point. Looking at their Security Update Guide it is not immediately clear that they updated it.
I would be surprised if they didn't, but until we find evidence to support that they do back port security fixes, then we will continue to flag it as insecure.
We will soon start to track and show Windows Updates, as part of that we will try to keep an eye out for evidence of cURL related updates.
Until then, I recommend using the official cURL executable.
-
@Tom : If I am not wrong it is the second time we have this issue with curl. First one was at the very beginning of Secteer.
-
@Tom : https://vulndetect.org/topic/122/solved-7-zip-portable-version-not-detected/3?_=1591035301771 not as old as I remembered !
-
Windows curl not updated but no more displayed as insecure.
So: fixed.