I just wanted to throw this out there to see if others are getting the same vulnerability for your Server 2019 and Server 2022 for Libcurl Denial of Service (DoS) Vulnerability - CVE-2024-7264.
What I get from Microsoft is “The issue will be fixed in an upcoming monthly cumulative update. However, the exact release date is not confirmed and may take 1-2 months or more”. Wasn’t sure if anyone else has heard anything different or is trying to remediate it manually or create a fixlet for the vulnerability.
Thanks for your input. We were planning on just waiting on the Cumulative Update and going from there. Just wanted to get a feel for how others are approaching it.
Looks like this vuln may be patched in the latest Cumulative. However, the patch is showing CVE-2024-6197 remediated and not CVE-2024-7264 so haven’t dug deeper yet to confirm.
Yeah, I went by what CVE number we had in our reporting tool. I did see Curl CVE-2024-6197 was released. We just started patching and I checked a couple, and it looks like that has remediated my concern with the CVE-2024-7264. Thank you for the input on this and good luck with this month’s patching for you.
I checked that our server is updated now to curl 8.9.1 with the October Microsoft patches. However, a Tenable scan of our server will show it is still vulnerable since Tenable is looking for 8.10.0, while I see on the curl.se site they have 8.10.1 available now. I think Microsoft is still behind and will need another update for Tenable scans to look OK.