Skype security flaw gives local access to your computer

A security bug has been uncovered in Skype via its update process which could allow hackers to gain access to a user’s computer.

If exploited by an attacker, the flaw could give a local unprivileged user full access to the system level rights.

“Once installed, Skype uses its own proprietary update mechanism instead of Windows/Microsoft Update,” said security researcher Stefan Kanthak. “[Because] Skype periodically runs ‘%ProgramFiles%\Skype\Updater\Updater.exe’ under the SYSTEM account, when an update is available, [the] Updater.exe copies/extracts another executable as ‘%SystemRoot%\Temp\SKY<abcd>.tmp’ and executes it using the command line: ‘%SystemRoot%\Temp\SKY<abcd>.tmp” /QUIET’.” – Skype security flaw ‘ignored’ by Microsoft could let hackers into your computer, by Rene Millman, PC Authority, February 15, 2018

Microsoft, has not responded to the vulnerability, seems the fix requires a lot more work to resolve and will be resolved in a larger new update rather than a security update.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

Powered by WordPress.com.

Up ↑

%d bloggers like this: