February 14, 2018 IBOMLLC Team

Skype suffers a critical security flaw, and Microsoft tells you to wait a little while before they fix it

Innov8tiv

A zero-day vulnerability in Skype for Windows desktop was unearthed yesterday. As security experts explain it, the Skype desktop app has an updater tool that keeps checking for new updates and installs them.

Whenever the updater finds a new update, it copies/extracts the executable file as %SystemRoot%\Temp\SKY.tmp. The updater executes the file using the command line %SystemRoot%\Temp\SKY.tmp /QUIET. Well, things are starting to get too technical and geeky from here, but if that is your thing, you can get the full information here.

Well, as the security researcher explains at the link above:

It loads at least UXTheme.dll from its application directory %SystemRoot%\Temp instead from Windows’ system directory. An unprivileged (local) user who is able to place UXTheme.dll or any of the other DLLs loaded by the vulnerable executable in %SystemRoot%\Temp gains escalation of privilege to the SYSTEM account.
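For defenders, the load pattern the researcher describes can be hunted for in module-load telemetry. The sketch below is an added example, not code from the advisory or from Microsoft; it assumes records shaped like Sysmon Event ID 7 fields (Image, ImageLoaded, User), that %SystemRoot% expands to C:\Windows, and it uses constructed sample events.

```python
import ntpath

SYSTEM_ROOT = r"C:\Windows"  # assumed expansion of %SystemRoot%
SYSTEM_DIRS = {ntpath.normcase(ntpath.join(SYSTEM_ROOT, d))
               for d in ("System32", "SysWOW64")}
# Per the advisory quote, an unprivileged user may be able to place files here.
USER_WRITABLE_DIRS = {ntpath.normcase(ntpath.join(SYSTEM_ROOT, "Temp"))}
# DLL names expected to resolve to the system directory. UXTheme.dll is the
# one the advisory names; extend this set from your own baseline.
SYSTEM_DLL_NAMES = {"uxtheme.dll"}

def classify(event):
    """Return 'high', 'medium' or None for one module-load record."""
    image_dir = ntpath.dirname(ntpath.normcase(event["Image"]))
    dll_dir, dll_name = ntpath.split(ntpath.normcase(event["ImageLoaded"]))
    if dll_dir in SYSTEM_DIRS:
        return None                       # resolved from the system directory
    from_app_dir = dll_dir == image_dir   # loaded from the executable's own directory
    as_system = event["User"].upper() == r"NT AUTHORITY\SYSTEM"
    if from_app_dir and dll_dir in USER_WRITABLE_DIRS and as_system:
        return "high"                     # SYSTEM process, DLL from user-writable dir
    if dll_name in SYSTEM_DLL_NAMES:
        return "medium"                   # system DLL name at a non-system path
    return None

# Constructed sample records for illustration (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\Temp\SKY.tmp", "User": r"NT AUTHORITY\SYSTEM",
     "ImageLoaded": r"C:\Windows\Temp\UXTheme.dll"},
    {"Image": r"C:\Windows\Temp\SKY.tmp", "User": r"NT AUTHORITY\SYSTEM",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"Image": r"C:\Users\alice\Downloads\setup.exe", "User": r"HOST\alice",
     "ImageLoaded": r"C:\Users\alice\Downloads\uxtheme.dll"},
    {"Image": r"C:\Program Files\App\app.exe", "User": r"HOST\alice",
     "ImageLoaded": r"C:\Program Files\App\helper.dll"},
]

def findings(events):
    """Return (ImageLoaded, severity) for every record that classify() flags."""
    return [(e["ImageLoaded"], s) for e in events if (s := classify(e))]

if __name__ == "__main__":
    for path, severity in findings(SAMPLE_EVENTS):
        print(severity, path)
```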

Microsoft's reaction when it was informed is astonishing

The good thing is that this vulnerability has already been reported to Microsoft, the owner of Skype. So you should be safe if you have Skype installed on your system, right? Wrong! In response to this zero-day vulnerability in Skype, Microsoft …

