![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 10%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Hello, Thank you for raising the question.
Regarding a specific release timeline, Microsoft does not typically pre-announce release dates for security updates for individual components. This is a standard security practice to protect customers.
When an update for a third-party component like curl is validated and ready for deployment, it is serviced and delivered via Windows Update. These patches are most often included in the monthly Cumulative Updates.
The best way to determine if a specific CVE has been addressed by Microsoft is to monitor the MSRC Security Update Guide. This is the definitive source for information on security vulnerabilities in Microsoft products.
You can search the MSRC portal directly for CVE-2024-9681. If a Windows update has been released to address this vulnerability, all relevant details, including the affected products and the KB articles that contain the fix, will be listed there.
Hope this provides clarity on the process.
Best regards.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.999999999999996%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ3%3C/text%3E%3C/svg%3E)