
Microsoft might not fix Skype vulnerability in the immediate future


Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into loading malicious code instead of the correct library. The researcher explained that a potential attacker could exploit the "functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories (e.g., System32)". The bug is applicable on both macOS and Windows desktop platforms. Despite it being a big flaw, Microsoft is reportedly not planning to fix the issue anytime soon. Instead, fixes will be delivered in a new version of the Skype client rather than an update, as completing the bug fix now would be "too much work", says the source. The Skype UWP app is not affected by this vulnerability.

ZDNet explains that Skype has its own built-in updater, and when it runs it uses another executable file to run the update, which is vulnerable to the hijacking.
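The search order quoted above, modelled as a small defensive audit (an added example, not code from the article or from Kanthak's report). The directory layout, the DLL names and the `user_writable_dirs` input are constructed assumptions, and the model covers only the two-step order quoted: the application directory first, then the system directory.

```python
import os
import tempfile

def resolve_dll(name, search_dirs):
    """Return the first directory holding `name` (case-insensitive), else None."""
    wanted = name.lower()
    for d in search_dirs:
        try:
            entries = os.listdir(d)
        except OSError:
            continue  # unreadable or missing directory: the search moves on
        if any(e.lower() == wanted for e in entries):
            return d
    return None

def audit_loads(app_dir, system_dir, dll_names, user_writable_dirs):
    """Classify each by-name DLL load under the app-dir-first search order."""
    norm = lambda p: os.path.normcase(os.path.abspath(p))
    app_writable = norm(app_dir) in {norm(d) for d in user_writable_dirs}
    findings = {}
    for name in dll_names:
        hit = resolve_dll(name, [app_dir, system_dir])
        if hit == app_dir and app_writable:
            findings[name] = "LOADED_FROM_WRITABLE_APP_DIR"
        elif app_writable:
            # Resolves from the system dir today, but the writable app dir wins if a copy appears.
            findings[name] = "APP_DIR_SEARCHED_FIRST_AND_WRITABLE"
        elif hit is None:
            findings[name] = "NOT_FOUND"
        else:
            findings[name] = "OK"
    return findings

def demo():
    """Constructed layout: the same executable audited in a writable and a protected folder."""
    root = tempfile.mkdtemp()
    writable_dir = os.path.join(root, "writable")    # hypothetical user-writable folder
    protected_dir = os.path.join(root, "protected")  # hypothetical admin-only folder
    system_dir = os.path.join(root, "System32")      # stand-in for the system directory
    for d in (writable_dir, protected_dir, system_dir):
        os.makedirs(d)
    names = ["example1.dll", "example2.dll"]         # placeholder DLL names
    for dll in names:
        open(os.path.join(system_dir, dll), "w").close()
    open(os.path.join(writable_dir, "EXAMPLE1.DLL"), "w").close()  # unexpected copy
    return (audit_loads(writable_dir, system_dir, names, [writable_dir]),
            audit_loads(protected_dir, system_dir, names, [writable_dir]))

if __name__ == "__main__":
    print(demo())
```

On a real Windows host the writable set would come from the directories' ACLs rather than a hand-supplied list.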

The security expert informed Microsoft of the bug in September, but according to the timeline of the bug reported on Seclists, a fix will land in a newer version of the product rather than in a dedicated security update. The company was able to reproduce the issue on its own computers. Once the system is compromised, hackers could potentially copy or delete critical files, install rogue apps, access confidential information, and do pretty much anything possible to the infected system.

If exploited, the flaw would give an ordinary user account all the privileges of a SYSTEM user.

"The team is planning on shipping a newer version of the client, and this current version will slowly be deprecated".

With no further action taken by Microsoft since, Kanthak published the report on Friday as a warning to Skype users.
