Tech
Major bug forces Microsoft to rebuild Skype for Windows
Skype has fallen foul of a security flaw that can allow attackers to gain system-level privileges to vulnerable computers, Microsoft has confirmed.
However, the company won’t immediately fix the issue because doing so would require a complete code overhaul.
The bug was discovered by security researcher Stefan Kanthak, who says the Skype update can be nefariously tweaked to trick an application into drawing incorrect code instead of the right library.
This would let a hacker download malicious code and put it into a user-accessible temporary folder, renaming it to an existing DLL that could be modified by anyone without system privileges.
Read also: Facebook losing younger users in UK to Snapchat, research reveals
According to Kanthak, once system access is granted, an attacker “can do anything”. However, the hacker would require physical access to the computer to do this.
Kanthak told Microsoft about the vulnerability — which could let hackers steal files, delete data or run ransomware — back in September, and the company acknowledged a fix would require “a large code revision”.
Speaking to ZDNet, Kanthak said that even though Microsoft was able to reproduce the issue, a fix will only arrive “in a newer version of the product rather than a security update”, the implication being that patching the issue would require too much work.
Microsoft said it put “all resources” into building a new client, but has not revealed when that’s likely to land. We’ve reached out to Microsoft for comment.
RipplesNigeria… without borders, without fears
Click here to join the Ripples Nigeria WhatsApp group for latest updates.
Join the conversation
Support Ripples Nigeria, hold up solutions journalism
Balanced, fearless journalism driven by data comes at huge financial costs.
As a media platform, we hold leadership accountable and will not trade the right to press freedom and free speech for a piece of cake.
If you like what we do, and are ready to uphold solutions journalism, kindly donate to the Ripples Nigeria cause.
Your support would help to ensure that citizens and institutions continue to have free access to credible and reliable information for societal development.
German Police bust alleged Nigerian scam dating ring
German authorities have arrested eleven individuals suspected of being members of a Nigerian mafia group involved in a large-scale dating...
INVESTIGATION: In Kwara, multimillion-naira milk processing plant is abandoned, converted to a chicken outlet
After the government spent millions of naira to establish a milk processing plant in Kwara State that would provided jobs...
SPECIAL REPORT: For Sokoto communities, promise of healthcare is akin to death sentence
In this story, ABDULRASHEED HAMMAD delves into the dire realities of Primary Health Care services in Sokoto State, shedding light...
ICYMI…SPECIAL REPORT: NNPCL hides behind PIA to frustrate disclosure, accountability
Nigeria’s major oil company, Nigerian National Petroleum Corporation Limited (NNPCL), in what appears to be a common practice of disregard...
INVESTIGATION: Multi-million naira Ekiti resort center remains uncompleted a decade after
The multimillion-naira project, expected to comprise recreational buildings, now consists of cassava farmland, a bush used for excretion, and a...