Yay, a huge security problem!
Microsoft confirmed yesterday that Skype has a security flaw that could allow attackers access to system-level privileges on vulnerable computers. Security researcher Stefan Kanthak, who discovered the bug, says the updater can be tricked into loading malicious code instead of the proper update.
All an attacker would need to do is put a fake DLL into a user-accessible temp folder, with the name of an existing DLL that doesn’t require system privileges. They’d still need access to your file system, but Kanthak says that once they had that, they could do anything.
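One way a defender could spot the loading pattern described above in image-load telemetry. This is an added example, not code from Microsoft, Kanthak or Engadget. The event fields are modelled on Sysmon image-load events, and the directory list, `updater.exe` and `examplelib.dll` are constructed assumptions.

```python
import ntpath
import re

# Assumed list of directories an unprivileged user can normally write to.
USER_WRITABLE = [
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I),
    re.compile(r"^[a-z]:\\windows\\temp\\", re.I),
]
PRIVILEGED_USERS = {"nt authority\\system"}

def find_suspicious_loads(events, system_dll_names):
    """Return image loads where a SYSTEM process took a DLL from a user-writable path."""
    findings = []
    for ev in events:
        if ev["User"].lower() not in PRIVILEGED_USERS:
            continue  # only loads into privileged processes matter here
        # Normalise first so "..\" segments cannot hide the real directory.
        dll = ntpath.normpath(ev["ImageLoaded"])
        if not any(p.match(dll) for p in USER_WRITABLE):
            continue
        reasons = ["privileged process loaded a DLL from a user-writable directory"]
        if ntpath.basename(dll).lower() in system_dll_names:
            reasons.append("file name shadows a DLL in the system baseline")
        if ev.get("Signed", "false").lower() != "true":
            reasons.append("DLL is unsigned")
        findings.append({"image": ev["Image"], "dll": dll, "reasons": reasons})
    return findings

# Constructed sample data: hypothetical updater.exe, examplelib.dll and helper.dll.
BASELINE = {"examplelib.dll"}  # DLL names found in the system directory (constructed)
TEMP = "C:\\Users\\alice\\AppData\\Local\\Temp\\upd\\"
SAMPLE_EVENTS = [
    {"User": "NT AUTHORITY\\SYSTEM", "Image": TEMP + "updater.exe",
     "ImageLoaded": TEMP + "examplelib.dll", "Signed": "false"},
    {"User": "NT AUTHORITY\\SYSTEM", "Image": TEMP + "updater.exe",
     "ImageLoaded": "C:\\Windows\\System32\\examplelib.dll", "Signed": "true"},
    {"User": "DESKTOP\\alice", "Image": "C:\\Apps\\viewer.exe",
     "ImageLoaded": TEMP + "examplelib.dll", "Signed": "false"},
    {"User": "NT AUTHORITY\\SYSTEM", "Image": TEMP + "updater.exe",
     "ImageLoaded": "C:\\Windows\\System32\\..\\Temp\\helper.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for f in find_suspicious_loads(SAMPLE_EVENTS, BASELINE):
        print(f["image"], "->", f["dll"], "|", "; ".join(f["reasons"]))
```

The baseline set would normally be built from a directory listing of a known-good machine rather than typed in by hand.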
Microsoft doesn’t plan on just patching the issue, though. They’re rebuilding the program, which will be distributed as a new version update. They’ve said they’re putting “all resources” into the update, but there’s no word on when it will drop.
Source: Engadget