Microsoft won't immediately fix a vulnerability in its Skype for Windows app

Skype Windows 10

Skype for Windows 10

The security report made by Kanthak throws some shade at Microsoft's engineers, noting that Microsoft issues advice to developers to avoid writing software that is vulnerable in this exact way - advice "which their own developers and their QA but seem to ignore!", he wrote. What's worse is that Microsoft isn't planning on fixing the flaw, at least for now, because it amounts to rewriting the entire app update installer.

Microsoft has confirmed a nasty flaw in Skype that could allow nefarious individuals to gain complete access the OS with system-level privileges on affected machines.

Winter Olympics: Japanese snowboarder Yuto Totsuka in scary crash during halfpipe final
Following the impact with the lip, Totsuka rolled down to the bottom of the halfpipe, which is 22 feet from the lip. Totsuka had just begun his second of three runs and appeared to be attempting a complex trick when disaster struck.

Essentially, that means that an attacker exploiting the flaw could takeover a user's PC, downloading files, tapping passwords and leaving behind backdoors and other malware. Kanthak warned Microsoft about the vulnerability back in September and provided two different mitigations. The company was able to reproduce the issue on their own computers.

Stefan Kanthak, a security researcher claims that the bug is in the Skype update service, and if exploited, the hacker will get admin access to users chat. The bug works because the malicious DLL is found first when the app searches for the DLL it needs. Microsoft is not planning to update the Skype Updater tool, instead they will release this fix in a newer version of Skype app. In their response to him, they said a new version of the Skype client, addressing this issue would be issued and that the current, vulnerable version would "slowly be deprecated".

Omarosa offered sex to Piers Morgan to win 'Celebrity Apprentice,' he says
I love Jesus, but he thinks Jesus tells him to say things - I'm like, 'Jesus didn't say that.' Scary". On the 12th of February, Manigault dished on Donald Trump and Mike Pence on the CBS reality show.

Skype might be an unsuspecting app to target a user, because the app runs at the same level of privileges at the local, logged-in user, making it hard for attackers to do much with that low level of access.

Instead, the company said it's put "all resources" on building an altogether new client.

Nokia 8 Gets Android 8.1 Oreo Update
The update also corrects the much talked about hamburger emoji and also includes the February Google Security Patch. As you can see in the screenshots below the February security update for Nokia 3 is around 89.3 MB in size.

Latest News