
How to Deal with Curl Vulnerabilities in Microsoft Products
Tags: Vulnerabilities, Cybersecurity, Microsoft, Curl
The author of the post asks how security teams handle Curl vulnerabilities in Microsoft products, citing CVE-2025-0167 and CVE-2024-7264 as examples. The vulnerable Curl binary is either bundled with Microsoft SQL Management Studio or resides in System32. The author has read that System32 binaries should not be modified except through official Microsoft updates, and asks how others manage these types of vulnerabilities, especially when the endpoints are not exposed to the Internet.