A zero-day vulnerability in Skype for Windows desktop was unearthed yesterday. As security experts explain it, the Skype desktop app has an updater tool that regularly checks for new updates and installs them.
Whenever the updater finds a new update, it copies/extracts the executable file as %SystemRoot%\Temp\SKY.tmp. The updater then executes the file using the command line %SystemRoot%\Temp\SKY.tmp /QUIET. Well, things are starting to get too technical and geeky from here, but if that is your thing, you can get the full information here.
Well, as the security researcher explains at the link above:
It loads at least UXTheme.dll from its application directory %SystemRoot%\Temp instead of from Windows’ system directory. An unprivileged (local) user who is able to place UXTheme.dll or any of the other DLLs loaded by the vulnerable executable in %SystemRoot%\Temp gains escalation of privilege to the SYSTEM account.
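A defender-side check for the condition the researcher describes, as an added example that is not from the original article or the advisory: it lists DLLs in a directory such as %SystemRoot%\Temp whose names shadow a DLL in the Windows system directory. The function names and the sample files in demo() are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def system_dll_names(system_dir):
    """Return the lower-cased names of the DLLs directly inside system_dir."""
    return {p.name.lower() for p in Path(system_dir).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}


def find_shadowing_dlls(app_dir, system_dir):
    """List DLLs in app_dir that carry the name of a DLL in system_dir.

    An executable started from app_dir may load such a file in place of the
    system copy. Windows file names are case-insensitive, so the comparison
    is done on lower-cased names.
    """
    known = system_dll_names(system_dir)
    return [p.name for p in sorted(Path(app_dir).iterdir())
            if p.is_file() and p.suffix.lower() == ".dll"
            and p.name.lower() in known]


def demo():
    """Run the check on a constructed directory layout (not real system data)."""
    with tempfile.TemporaryDirectory() as root:
        temp_dir = Path(root, "Temp")
        system_dir = Path(root, "System32")
        temp_dir.mkdir()
        system_dir.mkdir()
        for name in ("uxtheme.dll", "kernel32.dll"):   # stand-in system DLLs
            Path(system_dir, name).write_bytes(b"")
        for name in ("SKY.tmp", "UXTheme.dll", "harmless.dll"):
            Path(temp_dir, name).write_bytes(b"")      # stand-in Temp contents
        return find_shadowing_dlls(temp_dir, system_dir)


if __name__ == "__main__":
    win_root = os.environ.get("SystemRoot")
    if win_root:  # on Windows, inspect the directory named in the advisory
        hits = find_shadowing_dlls(Path(win_root, "Temp"),
                                   Path(win_root, "System32"))
    else:         # elsewhere, fall back to the constructed sample
        hits = demo()
    for name in hits:
        print("DLL shadows a system DLL:", name)
```

A hit is a file to investigate rather than proof of tampering; who created it and when are the next things to check.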
Microsoft's reaction when it was informed is astonishing
The good thing is that this vulnerability has already been reported to Microsoft, the owner of Skype. So you should be safe if you have Skype installed on your system, right? Wrong! In response to this zero-day vulnerability in Skype, Microsoft …