Slashdot Mirror

← Back to Stories (view on slashdot.org)

Skype Can't Fix a Nasty Security Bug Without a Massive Code Rewrite (zdnet.com)

Posted by BeauHD on from the back-to-the-drawing-board dept.

ZDNet reports of a security flaw in Skype's updater process that "can allow an attacker to gain system-level privileges to a vulnerable computer." If the bug is exploited, it "can escalate a local unprivileged user to the full 'system' level rights -- granting them access to every corner of the operating system." What's worse is that Microsoft, which owns Skype, won't fix the flaw because it would require the updater to go through "a large code revision." Instead, Microsoft is putting all its resources on building an altogether new client. From the report: Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into drawing malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to an existing DLL that can be modified by an unprivileged user, like UXTheme.dll. The bug works because the malicious DLL is found first when the app searches for the DLL it needs. Once installed, Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking. The attack reads on the clunky side, but Kanthak told ZDNet in an email that the attack could be easily weaponized. He explained, providing two command line examples, how a script or malware could remotely transfer a malicious DLL into that temporary folder.

5 of 151 comments (clear)

  1. Re:Russians! by Anonymous Coward · · Score: 2, Funny

    Trump himself said he did it. He said "no collusion", which in Trump-speak means "I colluded".
    We are slowly realises that whatever Trump says, he means the opposite. "Largest ever inauguration crowd" means it wasn't. "Building a wall" means he won't.

    The Trump fans took Trump seriously, but not literally. The general pubic took Trump retardedly, but not unretardedly.

  2. Linux is MORE vulnerable by Anonymous Coward · · Score: 3, Funny

    Just look at the stats. Failing Linux has had hundreds of CVE's in just the last year with a lot more and worse severities than all the current versions of amazing Windows *combined*. If you want to trust your computer to be secure, you are better off with Windows than littul linux. It's a simple fact, easily proven, but completely politically incorrect to say here which is everyone knows it is true.

    1. Re: Linux is MORE vulnerable by mSparks43 · · Score: 4, Funny

      I miss the days when every hacker under the sun would regularily release 0days for free that let you infect windows machines just by sending a skype message. Now you got to pay :( - or understand russian :)

  3. Re:Linux not vulnerable by Anonymous Coward · · Score: 4, Funny

    Quit being a DLLdo. Windows and Linux libraries are entirely different.

  4. Re: Linux not vulnerable by WarJolt · · Score: 3, Funny

    LD_PRELOAD is not enough for privilege escalation. You need more, like a buggy Microsoft product. Maybe Skype for Linux....