Skype Security Bug – Why I won’t Use Skype


.

.

.

(click link, above, for article)
.
.
Skype’s Nasty Security bug “can allow an attacker to gain system-level privileges to a vulnerable computer.” “Microsoft, which owns Skype, won’t fix the flaw”
.
“ZDNet reports of a security flaw in Skype’s updater process that “can allow an attacker to gain system-level privileges to a vulnerable computer.” If the bug is exploited, it “can escalate a local unprivileged user to the full ‘system’ level rights — granting them access to every corner of the operating system. What’s worse is that Microsoft, which owns Skype, won’t fix the flaw because it would require the updater to go through “a large code revision.””
.
…”From the report: Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into drawing malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to an existing DLL that can be modified by an unprivileged user, like UXTheme.dll. The bug works because the malicious DLL is found first when the app searches for the DLL it needs. Once installed, Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking. The attack reads on the clunky side, but Kanthak told ZDNet in an email that the attack could be easily weaponized. He explained, providing two command line examples, how a script or malware could remotely transfer a malicious DLL into that temporary folder.””

 .

.
.
.
.
.
.
.
.
.
.
.
Advertisements

2 Responses to “Skype Security Bug – Why I won’t Use Skype”

  1. joshuasplanet Says:

    Apologies for an inappropriate use of this space. I cannot see from this website how to put up a post for comment. I am a UK physician who is stymied by my son’s incapacitating and intractable pain.Please can u guide me. Many thanks, Dr Carole Harris

    • Nancy Sajben MD Says:

      It appears you have made this comment, so simply do another. Choose to comment under something more relevant to pain than under the ongoing Skype security bug.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: