Hey everyone! I'm currently working on getting Cyber Essentials Plus certified through Qualys, but I've hit a few snags and could really use your help.
1. I'm having trouble updating LibCurl or Curl to the latest version. I've got the latest code, but I can't find a straightforward way to update Curl without risking damage to my Windows 11 OS. Is there a Windows update or a simple method to update Curl?
2. One of my laptops still shows an old version of Visual C++ redistributable in the report, even though I updated it and restarted multiple times. Any idea why this might be happening?
3. I'm also trying to remove or update 'Microsoft.WebMediaExtensions' from the Codecs library. I've tried uninstalling Windows Media Player and all related apps from the Windows Store, but nothing seems to work. Can anyone assist me with this?
I'd really appreciate any guidance on these three issues. Thanks a lot!
3 Answers
Your Qualys report should specify the exact file, folder, or registry key that's triggering the detection. Sometimes, even after updating or uninstalling, there might be leftover files that need to be removed to satisfy the scan.
Honestly, if it’s giving you that much trouble, maybe take a break and learn to bake bread instead. Most of these issues stem from DLLs triggering the alerts. You could investigate that direction if you’re comfortable with it.
When I did CE+ a while back, I found the .NET redistributable was a pain too. You might need to dig through the Program Files and remove any old versions or folders that Qualys flags, even if you think you updated them.
For updating Curl, I used the winget command line tool, which saved me a ton of trouble. If you have access to the Qualys reports, they sometimes include links to patches for the vulnerabilities, which can also help.
I got links to solutions in the report but I'm clueless about what they want me to do, especially on curl.se for the update. I tried running the winget upgrade command and got an error saying 'Data required by the source is missing.' It's been so frustrating!
We had a similar issue with .NET packages; we managed to FTP into users' machines on the VPN and cleaned out the offending packages manually. Might be worth a shot if you can do that!