Description
A use-after-free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When denied a tunnel for the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
FAQ
What is the curl open-source project?
Curl is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for "Client for URL". The Windows implementation provides access to the command-line tool, not the library.
What version of curl addresses this CVE?
Curl version 7.87.0 addresses this vulnerability.
Where can I find more information about this curl vulnerability?
More information can be found at NVD and curl.se.
Are there any workarounds that can be implemented?
Preventing the execution of curl.exe is a workaround to be considered.
Use a WDAC policy to deny execution of the \system32\curl.exe executable. You can merge the deny into an existing policy or create a new policy with it using the Merge-CIPolicy cmdlet (see "Merge-CIPolicy (ConfigCI)" on Microsoft Learn). Once the policy XML file with the deny has been created or merged with an existing policy, it must be deployed.
Choose how to deploy the policy (see "Deploying Windows Defender Application Control (WDAC) policies" on Microsoft Learn):
- Deploy using a Mobile Device Management (MDM) solution, such as Microsoft Intune
- Deploy using Microsoft Configuration Manager
- Deploy via script
- Deploy via group policy
For example:
Create a new policy: (These steps will create a new policy named Deny-Curl.xml by merging the deny rule with the example policy named AllowAll.xml)
Merge into an existing policy
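The commands for these two cases are not reproduced on this page. The following PowerShell is an added example, not the advisory's own commands: it builds one deny rule for curl.exe and uses it for both the new-policy and the merge-into-existing case. The `C:\Policies\...` paths and the `.bin` output name are assumed placeholders; the cmdlets come from the ConfigCI module and need an elevated session.

```powershell
# Added example (not from the advisory). Paths marked "assumed" are placeholders.
$curlPath  = Join-Path $env:windir 'System32\curl.exe'
$allowAll  = Join-Path $env:windir 'schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml'
$newPolicy = Join-Path (Get-Location) 'Deny-Curl.xml'
$existing  = 'C:\Policies\Existing-Policy.xml'              # assumed: your current WDAC policy
$mergedOut = 'C:\Policies\Existing-Policy-Deny-Curl.xml'    # assumed: output of the merge

if (-not (Test-Path $curlPath)) { throw "curl.exe not found at $curlPath" }

# One deny rule keyed on the file name recorded in the binary's resource header,
# falling back to a hash rule if that attribute cannot be read.
$denyRule = New-CIPolicyRule -DriverFilePath $curlPath -Level FileName -Fallback Hash -Deny

# Case 1: create a new policy, Deny-Curl.xml, from the AllowAll.xml example policy.
Merge-CIPolicy -PolicyPaths $allowAll -Rules $denyRule -OutputFilePath $newPolicy | Out-Null

# Case 2: merge the same deny rule into an existing policy (skipped if the placeholder is absent).
if (Test-Path $existing) {
    Merge-CIPolicy -PolicyPaths $existing -Rules $denyRule -OutputFilePath $mergedOut | Out-Null
}

# Check before deploying: the output XML must contain a <Deny> file rule for curl.exe.
[xml]$policy = Get-Content -Path $newPolicy
$deny = @($policy.SiPolicy.FileRules.Deny)
if ($deny.Count -eq 0) { throw "No <Deny> rule found in $newPolicy" }
$deny | Select-Object ID, FriendlyName, FileName, Hash | Format-Table -AutoSize

# Convert the XML to the binary form used by the script and group policy deployment options.
$binPolicy = Join-Path (Get-Location) 'Deny-Curl.bin'       # assumed output name
ConvertFrom-CIPolicy -XmlFilePath $newPolicy -BinaryFilePath $binPolicy | Out-Null
```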
How to undo this workaround?
Guidance for how to remove WDAC policies can be found in the following documentation: Remove Windows Defender Application Control (WDAC) policies.
Exploitability
Publicly Disclosed
Exploited
EPSS
CVSS3: 5.9 Medium