Hi @ll, in December 2017, Microsoft announced to ship curl.exe and tar.exe with Windows 10: But they failed once again, MISERABLY, at least for curl: they took the sources released 2017-11-14, let them rot for 2 years, applied some patches, only to let them rot again since then! | C:\Users\Public>winver | Microsoft Windows [Version 10.0.19042.1083] | | C:\Users\Public>curl -V | curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL | Release-Date: 2017-11-14, security patched: 2019-11-05 | Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp | Features: AsynchDNS IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL Version 7.55.1 is 34 releases and at least 15 (in words: FIFTEEN) CVEs behind the current version 7.79.1: see and Most obviously Microsoft's processes are so bad that they can't build a current version and have to ship ROTTEN software instead! stay tuned, and far away from such poorly maintained crap Stefan Kanthak Timeline ~~~~~~~~ 2021-07-21 Vulnerability report sent to vendor 2021-07-22 Vendor acknowledged receipt, opened MSRC case 66388 2021-07-26 Vendor confirmed vulnerability 2021-08-05 Vendor announced fix, scheduled for release on 2021-10-12 2021-10-12 NO FIX RELEASED Instead, the "security" update ships the vulnerable component built 2019-08-12: see | curl.exe,7.55.1.0,12-Aug-2019,19:46,"386,048" | curl.exe,7.55.1.0,12-Aug-2019,20:28,"421,376" | curl.exe,7.55.1.0,12-Aug-2019,19:46,"386,048" ... | Windows 10 version 1809 LCU Arm64-based,,,, | File name,File version,Date,Time,File size | curl.exe,7.55.1.0,12-Aug-2019,19:37,"330,240" ... | curl.exe,7.55.1.0,12-Aug-2019,19:46,"386,048" ... | curl.exe,7.55.1.0,12-Aug-2019,20:22,"435,712"