Skype Can’t Fix a Nasty Security Bug Without a Massive Code Rewrite

Are you a frequent user of Skype? If so, you might want to rethink your usage. Luckily, there are several good, much more secure, alternatives. ZDNet reports that a security flaw in Skype’s updater process can allow an attacker to gain system-level privileges to a vulnerable Windows computer. If the bug is exploited, it “can escalate a local unprivileged user to the full ‘system’ level rights — granting them access to every corner of the operating system.” What’s worse is that Microsoft, which owns Skype, won’t fix the flaw because it would require the updater to go through “a large code revision.”

Luckily, the security apparently only affects Windows systems, not Macintosh or Linux or handheld devices. The bug uses a DLL hijacking technique. Luckily, DLL files are Windows-specific and are not used in the other operating systems.

Details may be found at http://www.zdnet.com/article/skype-cannot-fix-security-bug-without-a-massive-code-rewrite/.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s