Microsoft's Skype for Windows desktop app appears to be suffering from a pretty serious vulnerability, one that the company won't immediately fix. The security researcher who revealed it described it as a "system-level" security vulnerability.
The security flaw can be exploited even if the victim is logged into their computer as a standard user.
Skype might seem an unlikely app through which to target a user, because it runs with the same privileges as the local, logged-in user, making it hard for attackers to do much with that low level of access. Skype was not something hackers used to be interested in, but that seems to have changed.
There's a gaping hole in Skype's update installer which could potentially allow an attacker to gain full control over the host machine, and what's more, this isn't something Microsoft can patch right now, with the software giant having to put off the fix until a future version of the Skype app is rolled out. Kanthak explained that an unprivileged user could use a rogue DLL such as "UXTheme.dll" to do this. The security researcher has revealed that a potential attacker could exploit the "functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories (e.g., System32)". If an attacker exploits this preferential search order, they can make the loading process load their own rogue DLL rather than the legitimate DLL.
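The search order quoted above can be modelled to audit an installation for this exposure. The following is an added example, not code from Kanthak or Microsoft; the `Directory`, `resolve` and `audit` names, the paths and the file lists are constructed for illustration, and the set of DLLs always taken from the system directory is an assumption passed in by the caller.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Directory:
    path: str
    files: frozenset       # file names present in the directory
    user_writable: bool    # can a standard user create files here?

def resolve(dll, search_order):
    """Return the first directory in search_order holding dll (case-insensitive)."""
    wanted = dll.lower()
    for directory in search_order:
        if wanted in {name.lower() for name in directory.files}:
            return directory
    return None

def audit(imports, app_dir, system_dir, known_dlls=frozenset()):
    """Report imports whose resolution a standard user could influence."""
    findings = []
    for dll in imports:
        if dll.lower() in known_dlls:
            continue  # assumed to be always loaded from the system directory
        hit = resolve(dll, [app_dir, system_dir])  # order quoted in the article
        in_system = resolve(dll, [system_dir]) is not None
        if hit is app_dir and in_system:
            findings.append((dll, "shadowed"))   # app-dir copy wins over system copy
        elif hit is system_dir and app_dir.user_writable:
            findings.append((dll, "plantable"))  # a file dropped in app dir would win
    return findings

# Constructed snapshots: paths and file lists are illustrative, not from the advisory.
SYSTEM32 = Directory(r"C:\Windows\System32", frozenset({"uxtheme.dll", "kernel32.dll"}), False)
WRITABLE = Directory(r"C:\example\temp", frozenset({"updater.exe"}), True)
PLANTED = Directory(r"C:\example\temp", frozenset({"updater.exe", "UXTheme.dll"}), True)
LOCKED = Directory(r"C:\example\locked", frozenset({"updater.exe"}), False)
IMPORTS = ["UXTheme.dll", "kernel32.dll"]
KNOWN = frozenset({"kernel32.dll"})

if __name__ == "__main__":
    for label, app in (("writable", WRITABLE), ("planted", PLANTED), ("locked", LOCKED)):
        print(label, audit(IMPORTS, app, SYSTEM32, KNOWN))
```

A "plantable" finding means the directory permissions are the control that matters: the same binary run from a directory standard users cannot write to produces no finding.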
He described Microsoft as taking a lackadaisical approach to the issue.
The researcher added: "The [Microsoft] engineers provided me with an update on this case". In the same response, Microsoft promises to develop and ship a newer version of the client. But it said the fix would require the Skype updater to go through "a large code revision".