SecTeer VulnDetect & PatchPro Support Forum VulnDetect
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Download VulnDetect Installer
    • Login

    [Solved] "Windows curl" detected as "Insecure"

    Scheduled Pinned Locked Moved Solved Detection Issues
    5 Posts 2 Posters 337 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      GregAlexandre
      last edited by OLLI_S

      Hi,

      Windows curl (x32 or X64) detected as insecure. I assume it must be updated by MS thru Windows Update not by downloading the executable from project source. Am I right?

      Regards.

      c1dcd23b-2fdc-4873-ba4f-284da304d99a-image.png

      Regards.

      1 Reply Last reply Reply Quote 0
      • T Offline
        Tom VulnDetect Team Member
        last edited by

        Thank you for reporting this.

        It appears that MS started to ship cURL with Windows at some point. Looking at their Security Update Guide it is not immediately clear that they updated it.

        I would be surprised if they didn't, but until we find evidence to support that they do back port security fixes, then we will continue to flag it as insecure.

        We will soon start to track and show Windows Updates, as part of that we will try to keep an eye out for evidence of cURL related updates.

        Until then, I recommend using the official cURL executable.

        /Tom
        Download the latest SecTeer VulnDetect agent here:
        https://vulndetect.com/dl/secteerSetup.exe

        G 1 Reply Last reply Reply Quote 0
        • G Offline
          GregAlexandre
          last edited by

          @Tom : If I am not wrong it is the second time we have this issue with curl. First one was at the very beginning of Secteer. 🙂

          1 Reply Last reply Reply Quote 0
          • G Offline
            GregAlexandre @Tom
            last edited by GregAlexandre

            @Tom : https://vulndetect.org/topic/122/solved-7-zip-portable-version-not-detected/3?_=1591035301771 not as old as I remembered ! 🙂

            1 Reply Last reply Reply Quote 0
            • G Offline
              GregAlexandre
              last edited by

              Windows curl not updated but no more displayed as insecure.
              So: fixed.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

              Please see our Privacy and Data Processing Policy
              Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
              Forum software by NodeBB