Skype suffers a critical security flaw, and Microsoft tells you to wait a little while before they fix it

A zero-day vulnerability in Skype for Windows desktop was unearthed yesterday. As security experts explain it, the Skype desktop app has an updater tool that keeps checking for new updates and installs them.

Whenever the updater finds a new update, it copies/extracts the executable file as %SystemRoot%\Temp\SKY.tmp. The updater then executes the file using the command line %SystemRoot%\Temp\SKY.tmp\QUIET. Things get rather technical and geeky from here, but if that is your thing, you can get the full information here.

Well, as the security researcher explains at the link above:

It loads at least UXTheme.dll from its application directory %SystemRoot%\Temp\ instead of from Windows’ system directory. An unprivileged (local) user who is able to place UXTheme.dll or any of the other DLLs loaded by the vulnerable executable in %SystemRoot%\Temp\ gains escalation of privilege to the SYSTEM account.
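To make the researcher's description concrete from the detection side, here is an added example (not code from the article or the advisory) that scans image-load records for DLLs loaded out of %SystemRoot%\Temp. The record layout, the field names (modelled on Sysmon image-load events) and the assumption that %SystemRoot% is C:\Windows are illustrative, and the sample events are constructed.

```python
import ntpath

# Assumption: %SystemRoot% resolves to C:\Windows on the monitored hosts.
WRITABLE_DIRS = {ntpath.normcase(r"C:\Windows\Temp")}
SYSTEM_USER = r"NT AUTHORITY\SYSTEM"

# Constructed sample records; field names are modelled on Sysmon image-load events.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\Temp\SKY.tmp",
     "ImageLoaded": r"C:\Windows\Temp\UXTheme.dll", "User": SYSTEM_USER},
    {"Image": r"C:\Windows\Temp\SKY.tmp",
     "ImageLoaded": r"C:\Windows\System32\uxtheme.dll", "User": SYSTEM_USER},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Program Files\App\helper.dll", "User": r"DESKTOP\alice"},
    {"Image": r"C:\Windows\Temp\SKY.tmp",
     "ImageLoaded": r"C:\WINDOWS\TEMP\version.dll", "User": SYSTEM_USER},
]


def suspicious_loads(events, writable_dirs=WRITABLE_DIRS):
    """Return one finding per DLL that was loaded from a user-writable directory."""
    findings = []
    for ev in events:
        # Windows paths are case-insensitive, so compare normalised forms.
        loaded = ntpath.normcase(ev["ImageLoaded"])
        if not loaded.endswith(".dll"):
            continue
        loaded_dir = ntpath.dirname(loaded)
        if loaded_dir not in writable_dirs:
            continue
        image_dir = ntpath.dirname(ntpath.normcase(ev["Image"]))
        findings.append({
            "process": ev["Image"],
            "dll": ntpath.basename(ev["ImageLoaded"]),
            # A SYSTEM process loading from such a directory is the escalation case.
            "as_system": ev["User"].upper() == SYSTEM_USER,
            # True when the DLL was picked up from the executable's own directory.
            "from_app_dir": image_dir == loaded_dir,
        })
    return findings


if __name__ == "__main__":
    for finding in suspicious_loads(SAMPLE_EVENTS):
        print(finding)
```

Only the two loads from the Temp directory are reported; the same DLL name loaded from System32 is not.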

Microsoft’s reaction when it was informed is astonishing

The good thing is that this vulnerability has already been reported to Microsoft, the owner of Skype. So you should be safe if you have Skype installed on your system, right? Wrong! In response to this zero-day vulnerability in Skype, Microsoft says they are indeed going to update the Skype Updater tool, but just not right now.

Instead, they will fix the updater in a newer version of the Skype app they are planning to release in the near future. For now, you will have to make do; I wonder if uninstalling Skype and turning to a competitor like Hangouts or Messenger counts as their ‘make do for now.’ Microsoft, in a statement addressing the problem, said:

The team is planning on shipping a newer version of the client, and this current version will slowly be deprecated.

It appears that fixing the problem and stopping the DLL injection would require a large amount of code to be changed in the current Skype app. Instead of going down that route, Microsoft has decided to deprecate it and develop a new one.

The vulnerability does not affect the Skype UWP app. So if you really must have Skype, uninstall the desktop app and install the UWP version.

Milicent Atieno

Proud Kenyan Citizen, loving everything Tech related.
