The security report made by Kanthak throws some shade at Microsoft's engineers, noting that Microsoft issues advice to developers to avoid writing software that is vulnerable in this exact way - advice "which their own developers and their QA but seem to ignore!", he wrote. What's worse is that Microsoft isn't planning on fixing the flaw, at least for now, because it amounts to rewriting the entire app update installer.
Microsoft has confirmed a nasty flaw in Skype that could allow nefarious individuals to gain complete access the OS with system-level privileges on affected machines.
Germany Proposes Free Public Transport to lower Urban Emissions
Several courts in Germany were also independently mulling imposing a driving ban on diesel vehicles in the worst-affected cities.
Essentially, that means that an attacker exploiting the flaw could takeover a user's PC, downloading files, tapping passwords and leaving behind backdoors and other malware. Kanthak warned Microsoft about the vulnerability back in September and provided two different mitigations. The company was able to reproduce the issue on their own computers.
Stefan Kanthak, a security researcher claims that the bug is in the Skype update service, and if exploited, the hacker will get admin access to users chat. The bug works because the malicious DLL is found first when the app searches for the DLL it needs. Microsoft is not planning to update the Skype Updater tool, instead they will release this fix in a newer version of Skype app. In their response to him, they said a new version of the Skype client, addressing this issue would be issued and that the current, vulnerable version would "slowly be deprecated".
Two shootings on St. Charles parade route leave 3 injured
If you know anything about either Mardi Gras Day shootings, you can phone-in an anonymous tip to CrimeStoppers at 504-822-1111. Costumes are a huge part of the Mardi Gras celebrations in the French Quarter, and Tuesday's designs did not disappoint.
Skype might be an unsuspecting app to target a user, because the app runs at the same level of privileges at the local, logged-in user, making it hard for attackers to do much with that low level of access.
Instead, the company said it's put "all resources" on building an altogether new client.
Don't use ZTE, Huawei phones - USA intelligence chiefs
The Chinese group added that the USA government is actively trying to undermine its business operations in the US market. According to 9to5Google, Huawei recruited people to write fake Mate 10 Pro reviews on Best Buy .