The ePatching and Security Assurance Teams are aware of the increase in Tenable findings for Curl < 7.87 on Windows-based Operating Systems and are monitoring the situation. It appears that a fix for this will have to come from Microsoft. The vulnerability is classified as a “Medium” severity and is not currently on CISA’s list of Known Exploitable Vulnerabilities. The Information Security Office is watching to see if Microsoft will patch this with or before the March cumulative update release.
For more information, see:
