Libcurl Vulnerability

I just wanted to throw this out there to see if others are getting the same vulnerability on their Server 2019 and Server 2022 machines: Libcurl Denial of Service (DoS) Vulnerability - CVE-2024-7264.

What I get from Microsoft is “The issue will be fixed in an upcoming monthly cumulative update. However, the exact release date is not confirmed and may take 1-2 months or more”. I wasn’t sure if anyone else has heard anything different or is trying to remediate it manually or create a fixlet for the vulnerability.

Thanks in advance

You can’t; you have to wait for MS to patch it.

I mean you “COULD”, but it will break patching, repair, and upgrades.

https://curl.se/docs/faq.html#How_do_I_upgrade_curl_exe_in_Win

Thanks for your input. We were planning on just waiting on the Cumulative Update and going from there. Just wanted to get a feel for how others are approaching it.

We have also been waiting for the MS patch each time, because of the link above from @derrickd, that it could break Windows Update on the computer.