Skype: vulnerability requires the development of a new application

A security flaw in the Skype update process could allow an attacker to gain system administrator privileges.

The flaw can give an unprivileged local user full “system” rights – essentially giving them access to every function of the OS.

However, Microsoft, which is behind the service, said that it will not immediately correct the defect, because it requires too much work.

The security researcher Stefan Kanthak found that the Skype update installer could be abused with a DLL hijacking technique, which allows an attacker to trick an application into loading malicious code instead of the correct library.

An attacker could download a malicious DLL to a temporary user-accessible folder and rename it to the name of an existing DLL that could be modified by a user without administrator privileges, such as UXTheme.dll.

The attack works because the malicious DLL is the first thing the application finds when it searches for the DLL it needs.
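The search-order behaviour described above can be audited from the defender's side. The following is an added example, not code from the original article or from Skype: a simplified two-step model (application directory first, then the system directory) that reports when a library name would be satisfied from an untrusted folder while a trusted copy is shadowed. The directory layout, empty placeholder files and function names are constructed for illustration, and the real Windows search order has more steps than the two modelled here.

```python
import os
import tempfile

def resolve_library(name, search_dirs):
    """Return every directory, in search order, holding a file that matches
    name case-insensitively (Windows file names are case-insensitive)."""
    hits = []
    for directory in search_dirs:
        try:
            entries = os.listdir(directory)
        except OSError:
            continue  # missing or unreadable directories are skipped
        if any(entry.lower() == name.lower() for entry in entries):
            hits.append(directory)
    return hits

def audit_load(name, search_dirs, trusted_dirs):
    """Report where a load would resolve and whether that location is trusted."""
    hits = resolve_library(name, search_dirs)
    if not hits:
        return {"library": name, "loaded_from": None, "shadowed": [], "risky": False}
    winner = hits[0]  # the first match in the search order is the one loaded
    trusted = {os.path.normcase(os.path.abspath(d)) for d in trusted_dirs}
    return {
        "library": name,
        "loaded_from": winner,
        "shadowed": hits[1:],  # legitimate copies that never get reached
        "user_writable": os.access(winner, os.W_OK),
        "risky": os.path.normcase(os.path.abspath(winner)) not in trusted,
    }

def build_constructed_layout(root):
    """Constructed sample: an updater running from a temp folder that also
    contains a file named like a system DLL. All files are empty placeholders."""
    app_dir = os.path.join(root, "Temp", "updater")
    system_dir = os.path.join(root, "Windows", "System32")
    os.makedirs(app_dir)
    os.makedirs(system_dir)
    for directory, filename in ((system_dir, "uxtheme.dll"),
                                (system_dir, "version.dll"),
                                (app_dir, "UXTheme.dll")):
        open(os.path.join(directory, filename), "wb").close()
    return app_dir, system_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        app_dir, system_dir = build_constructed_layout(root)
        for lib in ("UXTheme.dll", "version.dll"):
            print(audit_load(lib, [app_dir, system_dir], [system_dir]))
```

A result with `risky` set and a non-empty `shadowed` list is the condition the article describes: a trusted copy exists, but a copy in a user-writable folder is found first.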

Once installed, Skype uses its own built-in updater to keep the software up to date.

The researcher even clarified that it's very easy on Windows, but it's not limited to Windows. According to what Stefan Kanthak reported on ZDNet, the attack can be applied to both Mac and Linux systems.

Needless to say, once the attacker has acquired "system" privileges, he can do anything.

Kanthak informed Microsoft of the bug in September, but the company said a new patch would require the updater to go through "a major code overhaul."

The company said that although its engineers "were able to reproduce the issue," the fix will come "in a newer version of and not with a security update".

The company also stated that it has "all the resources" to develop a completely new client.

Note that Skype is an application that runs at the same level of privileges as the logged in user, which makes it difficult for intruders if the logged in user is not an administrator. This vulnerability, however, makes the application very dangerous.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
