Microsoft Unable To Issue Quick Fix For Skype Security Flaw

A Skype security flaw could allow attackers to gain system-level privileges to vulnerable computers — and because of the work involved, Microsoft won’t be able to issue a security patch right away.

Allmy / Shutterstock.com

The bug can be found in Skype’s updater process, and will require a “large code revision” to fix. ZDNet was informed of the bug by security researcher Stefan Kanthak. Kanthak said he informed Microsoft about the bug in September, and was told by the company that a fix would arrive in a new version of Skype — not just through a mere security patch.

The flaw in Skype’s update installer can be exploited through use of a DLL hijacking technique, which enables an attacker to insert malicious code that could lead to system access.

What’s The Risk?

Microsoft has confirmed the flaw, according to Engadget. The company gave Engadget a boilerplate sort of statement on investigating security issues. The statement noted that “on issues of low risk, we remediate that risk via our Update Tuesday schedule.​” This particular issue doesn’t seem to qualify.

It seems that Windows machines are most at risk — Kanthak said there are “multiple ways” to use this technique in Windows — but Mac and Linux machines are also susceptible.

It’s unclear just how much of an issue this is for Skype users in the near future, but Engadget points out that a hacker would require physical access to the computer to gain full system access — this doesn’t make a fix seem as urgent.

[It won’t fix this bug, but our article How To Increase Your Skype Security offers tips on Skype privacy and encryption.]

No timeline has been given for when Microsoft may issue a new version of Skype with a longterm fix. We would just note that Skype users should keep their computers close by, especially when in public spaces.

 

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Leave a Comment

Trending News

Follow Us

Reviews