Categories: Technology

Skype bug could give hackers full control of PC, but Microsoft will not fix it right away

Microsoft has had a bad time last month after the potential threat linked to Spectre and Meltdown, affecting almost all major chip makers including Intel, AMD, and ARM was uncovered. Microsoft issued an update to resolve it but that also went wrong, wrecking some AMD-powered PCs. And now, the software giant is looking forward to resolving another major security flaw in Skype for Windows but it needs more time for that.

Recently, a security researcher Stefan Kanthak has discovered a bug which may cause a Skype update into loading malicious code instead of the right library. The hacker would simply need to put a fake DLL into a user-accessible temporary folder, with the name of an existing DLL that could be modified by anyone without system access. As of now, Microsoft has confirmed that Skype is currently experiencing a security flaw that can endow attackers with system-level access.

However, Microsoft will not immediately fix the issue because doing so would require a complete code revamping. The bug is attributed to the Skype automatic update function which can be altered to trick the application into allocating permissions by inserting incorrect code. According to Kanthak,

“They’ve reviewed the code and were able to reproduce the issue, but have determined that the fix will be implemented in a newer version of the product rather than a security update.”

It appears that Microsoft will not be issuing a security update instead Skype will undergo a major revision later in which the bug will get fixed. According to an official statement by the company,

“We have a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is that on issues of low risk, we remediate that risk via our Update Tuesday schedule.”

It must be noted that the security flaw is only limited to the full Skype program on the desktop, meaning users of the Universal Windows Platform (UWP) application will face no issues.

Sponsored
Sajeel Syed

I am a writer at TechJuice, overseeing IT, Telecom, Cryptocurrency, and other tech-related features here. When I'm not working, I spend some of my time with good old Xbox 360 and the rest in social activism. Follow me on Twitter: https://twitter.com/sajeelshamsi

Share
Published by
Sajeel Syed

Recent Posts

PTA Finalizes Initial VPN Trial, Full Block on Unregistered Networks Starts December

The Pakistan Telecommunication Authority (PTA) has wrapped up its initial trial aimed at identifying and…

27 mins ago

Govt Seeks World Bank Approval to Revise Punjab’s $200M Health and Education Plan

The government has contacted the World Bank to restructure the $200 million Punjab Human Capital…

1 hour ago

Temu App Gains Ground, but Is It Safe for Shoppers?

In an era where e-commerce has revolutionized shopping, apps like Temu have emerged, promising a…

2 hours ago

Rawalpindi Division Schools Set to Reopen Amid Improved Smog Conditions

RAWALPINDI: Schools in the Rawalpindi Division are set to reopen and resume normal classes from…

3 hours ago

Lahore AQI Peaks at 500 Today Despite Smog Restrictions

LAHORE: Severe pollution continues to engulf Lahore, driving air quality to hazardous levels and ranking…

3 hours ago

Punjab Increases Kisan Card Holders to 750,000, Offering Rs 18 Billion for Agricultural Purchases

LAHORE: The Punjab government has issued an additional 250,000 Chief Minister Kisan Cards, bringing the…

4 hours ago