daniel:// stenberg://Apr 24, 2023

Do NOT. I repeat. Do NOT remove curl.exe from your Windows System32 folder to silence a (stupid) security scanner. It will lead to tears and sorrows.

And if you do, please don't ask *me* for help when you've broken your Windows install. I can't fix that.

Show threaddaniel:// stenberg://Apr 24, 2023

Why do people remove it? Because NVD has exaggerated a curl security flaw to an inflated level, and now "security scanners" insist that the bundled curl executable has a "high severity" security flaw and scaremongers people into removing it.

And then they realize Windows update refuses to work.

Are we sure this is the best we can do?

Show threadutzer [Friendica]Apr 24, 2023
@bagder well, those removing the curl.exe, can easily download a new curl.exe from somewhere on the internet. 😁
Show threaddaniel:// stenberg://Apr 24, 2023
@Utzer that's exactly what they did and thought. And yes, they could and did. And then Windows update does not work for them anymore.
Show threadutzer [Friendica]Apr 24, 2023
@bagder oh, so you mean even if you get the right exe, say copied from the other computer, it still does not work?
Show threaddaniel:// stenberg://Apr 24, 2023
@Utzer I don't know exactly what has been tested or not so I can't tell. I suspect something like that *could* be done to restore the state.
Show threadCesar

@bagder @utzer I haven't used Windows for a long time, but I recall reading that, on modern Windows, a lot of the files in system32 are actually hardlinks to files in winsxs. If that's the case for curl.exe, just restoring the file might not be enough, since windows update might need it to still be a hardlink to the correct place.

The correct solution is most probably to use a command to reinstall the file from the original copy, be it winsxs, the install media, or even windows update.

Apr 24, 2023 at 10:07amWeb
Show threadutzer [Friendica]Apr 24, 2023
@cesarb ah, I don't really use Windows as well, I just remember this was working in Windows XP and maybe in 7. @bagder