See here
Is there any particular KB that would take care of curl update to 8.4.0
Is there any particular KB that would take care of curl update to 8.4.0
if yes what is that KB number?
Windows Server
1 answer
Sort by: Most helpful
-
Michael Taylor 49,056 Reputation points
2024-04-29T17:35:55.8533333+00:00 -
Varma 1,190 Reputation points
2024-04-29T18:01:43.1733333+00:00 HI Michael,
But document not show which KB is required exactly?
-
Michael Taylor 49,056 Reputation points
2024-04-29T18:06:36.7533333+00:00 The link I gave links to the CVE which is tied to the vulnerability that 8.4 is supposed to fix. If you go to the CVE page then it provides a list of the KBs/downloads for the various versions of Windows. You would use the version appropriate for your OS.
If you read the last comment in the same link then it also clarifies that
The update to curl 8.4.0 was already provided in November 2023 cumulative updates on November 14, 2023
. So if you have the CU for Nov 2023 then the update is already applied. You can review that update to see what exact KB was installed that fixes the issue for your OS. -
Varma 1,190 Reputation points
2024-04-30T11:16:26.2433333+00:00 HI Michael,
I have gone through document, but Nov 14, 2023 release does not have any KB or not showing KB to download? or am i missing something?
-
Varma 1,190 Reputation points
2024-04-30T11:17:26.2866667+00:00 test123
-
Michael Taylor 49,056 Reputation points
2024-04-30T14:17:40.3566667+00:00 Did you look at the link I gave for the CVE with the links to the updates for each OS version? Does this not have what you need? I'm trying to figure out exactly why you're looking for a KB article. Do you not have the latest Windows update installed? It would have the fix.
-
Varma 1,190 Reputation points
2024-04-30T14:32:01.89+00:00 Hi Michael,
Okay, We use update manager and it is scheduled every week it includes all KBS. may be it might have missed because I am not able to figure out because when I verify history it is succeeded.
but not sure why few machines are not having curl 8.4.0
so now to fix that what is the KB i should use, i have gone through document but not much clear on which one to pick to fix this upgrade to 8.4.0
-
Michael Taylor 49,056 Reputation points
2024-04-30T14:38:52.4833333+00:00 What OS version and update is it missing on?
-
Varma 1,190 Reputation points
2024-04-30T15:02:28.2733333+00:00 I will check and let you know. thank you.
-
Varma 1,190 Reputation points
2024-05-07T19:44:14.1266667+00:00 Hi Michael,
Here is the OS and other details of virtual machines, in this case can you suggest which KB I need to install for the respective VM?
What I have noticed few machines are using windows 10 and windows server 2022
Looking forword to hear from you
-
Michael Taylor 49,056 Reputation points
2024-05-07T20:21:16.67+00:00 Wait a second. Only the first and last one's are actually going to be resolved by a KB. All the others are applications that ship with their own copy of the curl library and therefore don't use the version shipped with the OS.
The second and fifth one's are using Notepad++ that ships with libcurl. To fix those you'll need to update Notepad++ on these machines. Based upon the version these are really, really out of date. Update to the latest version of Notepad++ to resolve this issue, hopefully.
The third one appears to be a SalesForce addin for Office. It is also using its own copy of curl so you'll need to update the addin to a newer version, assuming they have fixed it.
The fourth one is VS2019. I cannot find any mention of VS 2019 updates with curl but based upon the path it looks like the Git workload. Update your instance of VS 2019 to the latest update and see if that resolves your issue.
For Windows 10 it looks like you're on 22H2 so the KB is KB5032189. Or install Nov 2023 update or newer.
For Server 2022 it appears the KB is KB5032198.
-
Varma 1,190 Reputation points
2024-05-08T02:30:41.9533333+00:00 HI Michael,
Thank you.
1.
so updating notepad++ will take care of updating curl also?
2.
Regarding Sales force adding for office, what exactly I need to udpate here?so whatever I am going to do with office version does it take care of curl update also?
3.
and can you suggest for below machine as well?
-
Michael Taylor 49,056 Reputation points
2024-05-08T14:04:32.32+00:00 - No, updating Notepad++ won't touch curl.exe which ships with the OS. The error report you posted didn't mention the OS as having an issue. What it found was an app that uses the curl library (where the vulnerability is at). Updating Notepad++ should resolve that vulnerability in the app and remove it from your list. When you rerun your analysis it may then complain about something else (I don't know how your tool works).
- I have no knowledge of SalesForce but I assume that toolset is installed on the machine. You'll need to look on the machine for any SalesForce related stuff (or ask someone who probably installed it) and update it. This is not part of Office proper AFAIK so MS doesn't have any updates for it.
- This is the MS Teams Windows Store app. Update the app.
Please note that the assumption with security is that you're keeping all your apps up to date. It doesn't look like these machines have any sort of application updates applied and therefore are vulnerable. You should review all your machines and ensure they are running the latest update for any installed software (Microsoft or otherwise). This should resolve your issue. Windows Updates will only handle Windows components and, if opted in, MS products that are on the Windows Update catalog. The bulk of your apps won't be in that list.
Sign in to comment -