Jump to content

Welcome to 2019! Happy New Year and Best Wishes to you and your family!  - Fearless Assassins Team!

Sign in to follow this  

There’s a security flaw in Skype which is apparently too hard to fix right now

Recommended Posts

There’s a gaping hole in Skype’s update installer which could potentially allow an attacker to gain full control over the host machine, and what’s more, this isn’t something Microsoft can patch against right now, with the software giant having to put off the fix until a future version of the Skype app is rolled out.

The flaw was uncovered by a security researcher, Stefan Kanthak, who found that the Skype update installer can be exploited with a DLL hijacking technique, which fools the app into utilizing malicious code rather than Microsoft’s intended code.

The good news, such as it is, is that leveraging this is far from a trivial affair, but on the other hand, the researcher told ZDNet (which reported this affair) that the attack could be “easily weaponized”.

There are multiple possible paths of exploit on Windows, as outlined by Kanthak, who further observed that this isn’t specific to Microsoft’s desktop OS, with macOS and Linux users also potentially vulnerable to these DLL hijacking shenanigans.

Malware mayhem

The bug allows the attacker to gain system-level privileges, meaning the potential havoc that can be wreaked pretty much runs the entire gamut of malicious activity, from stealing or deleting files to installing malware on the host PC.

Perhaps the worse-still news for Skype users is that Microsoft can’t actually patch the current Skype software to defend against the exploit, because to do so would essentially involve a massive revision of the updater’s code – apparently so big that it’s impractical to consider.

The researcher told Microsoft about the flaw last September, and said that the software giant was able to reproduce the issue, and rather than patching with a security update now, is planning to build the fix into a later version of Skype.

So, the bottom line is Skype users will remain potentially vulnerable to this cross-platform bug for the foreseeable future, which isn’t an ideal situation, obviously.

And if that prospect is prompting you to consider alternatives to Microsoft’s software for the time being, we’ve rounded up the best free Skype alternatives right here.


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, TF2 & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. .


Important Information

By using this site, you agree to our Terms of Use.