Vicious Skype Security Exploit May Require Extensive Code Overhaul

With no further action made by Microsoft since, Kanthak published the report on Friday as a warning to Skype users. However, he adds that the company isn't interested in patching the flaw.

Security researchers had warned Microsoft about the flaw back in September 2017. He described it as a "system-level" security vulnerability.

The security flaw can be exploited even if the victim is logged into their computer as a standard user.

Microsoft Skype Messenger is very popular with people and it comes in handy not only for personal use but business use as well.

To exploit the bug, the attacker first has to drop the DLL file on a system, whether through a malicious site, an email, or one of many other routes. Wording has also been updated to clarify that Skype is the app being tricked into loading malicious code. Kanthak explained that attackers, working as an unprivileged user, would use a DLL such as "UXTheme.dll" to do this.

"%SystemRoot%\Temp\SKY.tmp" /QUIET. A security researcher has found that this executable is vulnerable to DLL hijacking.

He described Microsoft as taking a lackadaisical approach to the issue.

Microsoft has said that it won't be rushing to fix a vulnerability in its vehicle sick messenger app Skype because it's too much like hard work.

"The [Microsoft] engineers provided me with an update on this case", he said. German security researcher Stefan Kanthak discovered the vulnerability, and it seems that the issue cannot be patched easily and will require a "large code revision", which means that you will need to wait for the next update for the issue to be fixed. "The installer would need a large code revision to prevent DLL injection, but all resources have been put toward development of the new client". In the same response, Microsoft promises to develop and ship a newer version of the client. If your computer has the dirty DLL file, the malicious library loads when the user launches Skype and it checks for updates.
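A defensive check for the condition described above, as an added example that is not from the article or from Kanthak's report: it lists DLLs sitting in the directory an updater runs from whose names also exist in the system directory, because a DLL beside the executable is normally found first. The directory layout and every file name other than SKY.tmp and UXTheme.dll are constructed for the demonstration.

```python
import os
import tempfile


def dll_names(directory):
    # Map lower-cased name -> name on disk for each DLL directly in `directory`.
    # Windows file names are case-insensitive, so compare in lower case.
    try:
        entries = os.listdir(directory)
    except OSError:
        return {}  # missing or unreadable directory: nothing to report
    return {
        e.lower(): e
        for e in entries
        if e.lower().endswith(".dll") and os.path.isfile(os.path.join(directory, e))
    }


def find_shadowing_dlls(app_dir, system_dir):
    # A DLL beside the executable is normally found before the system copy of
    # the same name, so a name collision in a user-writable directory needs review.
    system = dll_names(system_dir)
    local = dll_names(app_dir)
    return sorted(os.path.join(app_dir, name)
                  for lower, name in local.items() if lower in system)


def build_constructed_sample(root):
    # Constructed stand-ins for %SystemRoot%\Temp and %SystemRoot%\System32.
    temp_dir = os.path.join(root, "Temp")
    system_dir = os.path.join(root, "System32")
    for directory, files in ((temp_dir, ["SKY.tmp", "UXTheme.dll", "helper.dll"]),
                             (system_dir, ["uxtheme.dll", "kernel32.dll"])):
        os.makedirs(directory)
        for name in files:
            open(os.path.join(directory, name), "wb").close()
    return temp_dir, system_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        temp_dir, system_dir = build_constructed_sample(root)
        for path in find_shadowing_dlls(temp_dir, system_dir):
            print("review:", path)
```

On a real host, pass the directory the updater executes from and the Windows system directory; a hit is a prompt to check the file's signature and origin, not proof of compromise.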
