New Skype Bug Could Provide Unrestricted Access to Hackers

A new problems has been discovered in Skype's updater which tin can potentially allow hackers to gain complete access to a user's organization. Commencement reported by security expert Stefan Kanthak at Seclists.org, the bug can be exploited to proceeds unrestricted access to every office of the operating system.

According to Kanthak:

"Once installed, Skype uses its own proprietary update mechanism instead of Windows/Microsoft Update…[Because] Skype periodically runs '%ProgramFile%\Skype\Updater\Updater.exe' nether the Arrangement business relationship, when an update is bachelor, [the] Updater.exe copies/extracts another executable as '%SystemRoot%\Temp\Sky<abcd>.tmp" /Tranquillity'."

Kanthak goes on to explain that information technology is because of the aforementioned executable that the updater is vulnerable. Hackers can make utilize of DLL highjacking as the executable loads at to the lowest degree 1 DLL file called 'UXTheme.dll' from its awarding directory instead of loading its from the Windows system directory.

If a local user is able to place the UXTheme.dll or any of the other DLLs loaded past the vulnerable executable, the user volition be able to proceeds access to the SYSTEM account. Microsoft has already released ways to avert the vulnerability, simply Kanthak claims that the company's developers seem to be ignoring the issue.

Kanthak adds that he alerted Microsoft about the bug back in September, but the company has not released a fix. According to Seclists' reported timeline of the issues, Microsoft is expected to release a fix in a newer version of Skype, instead of rolling out a dedicated security update, as the latter option would exist too painstaking giving the company's development bike.

Source: https://beebom.com/skype-bug-unrestricted-access/

Posted by: greenequareatunto.blogspot.com

Share this post