SecTeer VulnDetect Support Forum

    VulnDetect

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Download VulnDetect Installer

    [Solved] "Windows curl" detected as "Insecure"

    Solved Detection Issues
    2
    5
    134
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      GregAlexandre last edited by OLLI_S

      Hi,

      Windows curl (x32 or X64) detected as insecure. I assume it must be updated by MS thru Windows Update not by downloading the executable from project source. Am I right?

      Regards.

      c1dcd23b-2fdc-4873-ba4f-284da304d99a-image.png

      Regards.

      1 Reply Last reply Reply Quote 0
      • G
        GregAlexandre last edited by

        Windows curl not updated but no more displayed as insecure.
        So: fixed.

        1 Reply Last reply Reply Quote 0
        • G
          GregAlexandre @Tom last edited by GregAlexandre

          @Tom : https://vulndetect.org/topic/122/solved-7-zip-portable-version-not-detected/3?_=1591035301771 not as old as I remembered ! 🙂

          1 Reply Last reply Reply Quote 0
          • G
            GregAlexandre last edited by

            @Tom : If I am not wrong it is the second time we have this issue with curl. First one was at the very beginning of Secteer. 🙂

            1 Reply Last reply Reply Quote 0
            • T
              Tom VulnDetect Team Member last edited by

              Thank you for reporting this.

              It appears that MS started to ship cURL with Windows at some point. Looking at their Security Update Guide it is not immediately clear that they updated it.

              I would be surprised if they didn't, but until we find evidence to support that they do back port security fixes, then we will continue to flag it as insecure.

              We will soon start to track and show Windows Updates, as part of that we will try to keep an eye out for evidence of cURL related updates.

              Until then, I recommend using the official cURL executable.

              /Tom
              Download the latest SecTeer VulnDetect agent here:
              https://vulndetect.com/dl/secteerSetup.exe

              G 1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

              Please see our Privacy and Data Processing Policy
              Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
              Forum software by NodeBB