Microsoft Windows Curl Multiple Security Vulnerabilities

redbulljager · November 9, 2023, 6:54pm

Just wanted to throw this out to people in this Forum. Has anyone heard anything if MS will be releasing a patch or will it be rolled up in the November monthly windows cumulative update. The reason I ask is I added the CVE numbers below into the CVE search in BigFix but it is only pulling info for Linux and nothing regarding windows.

CVE-2023-38545
CVE-2023-38546

Affected Versions:
CVE-2023-38545:libcurl from 7.69.0 till 8.3.0
CVE-2023-38546:libcurl from 7.9.1 till 8.3.0

fermt · November 9, 2023, 8:23pm

I remember reading in a forum that Microsoft is still working on an update.
The same is documented here:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-38545

fermt · November 14, 2023, 4:56pm

The November’s CU are supposed to patch the curl vulnerabilities