Skype flaw could allow hackers to access your computer

By on
Skype flaw could allow hackers to access your computer

With no dedicated fix apparently coming soon, here’s what you need to know to protect your system.

A security bug has been uncovered in Skype via its update process which could allow hackers to gain access to a user’s computer.

If exploited by an attacker, the flaw could give a local unprivileged user full access to the system level rights, a security expert at Seclists.org has warned, giving access to every part of the operating system.

Furthermore, while Microsoft has published advice on how to avoid this error (for technical users), the tech giant’s developers seem to be “ignoring it”, according to security researcher Stefan Kanthak.

Kanthak informed Microsoft of the bug in September, but according to the Seclists’ reported timeline of the bug, a fix will instead land in a newer version of the product rather than a dedicated security update.

“The [Microsoft] engineers provided me with an update on this case,” he said. “They've reviewed the code and were able to reproduce the issue, but have determined that the fix will be implemented in a newer version of the product rather than a security update.

“The team is planning on shipping a newer version of the client, and this current version will slowly be deprecated. The installer would need a large code revision to prevent DLL injection, but all resources have been put toward development of the new client.”

With no further action made by Microsoft since, Kanthak published the report as a warning to Skype users.

The details

Kanthak explained the security flaw in some detail. “Once installed, Skype uses its own proprietary update mechanism instead of Windows/Microsoft Update,” he said. “[Because] Skype periodically runs '%ProgramFiles%\Skype\Updater\Updater.exe' under the SYSTEM account, when an update is available, [the] Updater.exe copies/extracts another executable as '%SystemRoot%\Temp\SKY<abcd>.tmp' and executes it using the command line: '%SystemRoot%\Temp\SKY<abcd>.tmp" /QUIET'.”

Kanthak explains that this executable is vulnerable to DLL hijacking as it loads at least a DLL file called 'UXTheme.dll' from its application directory named '%SystemRoot%\Temp\' instead of from the Windows' system directory.

“An unprivileged (local) user who is able to place UXTheme.dll or any of the other DLLs loaded by the vulnerable executable in '%SystemRoot%\Temp\' gains escalation of privilege to the SYSTEM account,” he added.

For more detail on DLL security, see this article on the Microsoft Developer Network.

This article originally appeared at IT Pro.

Copyright © ITPro, Dennis Publishing
Tags:

Most Read Articles

You must be a registered member of Business IT to post a comment.
| Register

Poll

How long has your business been operating?
Up to 2 years
2-5 years
5-10 years
More than 10 years
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?