A security bug has been uncovered in Skype via its update process which could allow hackers to gain access to a user’s computer.
If exploited by an attacker, the flaw could give a local unprivileged user full access to the system level rights.
“Once installed, Skype uses its own proprietary update mechanism instead of Windows/Microsoft Update,” said security researcher Stefan Kanthak. “[Because] Skype periodically runs ‘%ProgramFiles%\Skype\Updater\Updater.exe’ under the SYSTEM account, when an update is available, [the] Updater.exe copies/extracts another executable as ‘%SystemRoot%\Temp\SKY<abcd>.tmp’ and executes it using the command line: ‘%SystemRoot%\Temp\SKY<abcd>.tmp” /QUIET’.” – Skype security flaw ‘ignored’ by Microsoft could let hackers into your computer, by Rene Millman, PC Authority, February 15, 2018
Microsoft, has not responded to the vulnerability, seems the fix requires a lot more work to resolve and will be resolved in a larger new update rather than a security update.
Leave a Reply