Yay, a huge security problem!

Microsoft confirmed yesterday that Skype has a security flaw that could allow attackers access to system-level privileges on vulnerable computers. According to security researcher Stefan Kanthak, who discovered the bug, says the update can be tricked into loading malicious code instead of the proper update.

All an attacker would need to do is put a fake DLL into a user accessible temp folder, with the name of an existing DLL that doesn’t require system privileges. They’d still need access to your file system, but Kanthak says that once theyhad that, they could do anything.

Microsoft doesn’t plan on just patching the issue, though. They’re rebuilding the program, which will be distributed as a new version update. While they’ve said they’re putting “all resources” into the update, but there’s no word on when it will drop.

Source: Engadget

About Author

B. Simmons

Based out of Glendale California, Bryan is a GAMbIT’s resident gaming contributor. Specializing in PC and portable gaming, you can find Bryan on his 3DS playing Monster Hunter or at one of the various conventions throughout the state.

See author's posts