[Solved] "Windows curl" detected as "Insecure"
-
Hi,
Windows curl (x32 or X64) detected as insecure. I assume it must be updated by MS thru Windows Update not by downloading the executable from project source. Am I right?
Regards.
Regards.
-
Thank you for reporting this.
It appears that MS started to ship cURL with Windows at some point. Looking at their Security Update Guide it is not immediately clear that they updated it.
I would be surprised if they didn't, but until we find evidence to support that they do back port security fixes, then we will continue to flag it as insecure.
We will soon start to track and show Windows Updates, as part of that we will try to keep an eye out for evidence of cURL related updates.
Until then, I recommend using the official cURL executable.
-
@Tom : If I am not wrong it is the second time we have this issue with curl. First one was at the very beginning of Secteer. :-)
-
@Tom : https://vulndetect.org/topic/122/solved-7-zip-portable-version-not-detected/3?_=1591035301771 not as old as I remembered ! :)
-
Windows curl not updated but no more displayed as insecure.
So: fixed.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login