Huge Skype vulnerability will not be fixed by Microsoft any time soon

by Olivia Morelli - -

Microsoft cannot fix Skype bug without huge code revision

Microsoft won't fix Skype vulnerability on Windows

Cybersecurity analysts report about Skype vulnerability which allows hackers to gain access to computer's system account[1]. The bug resides in application's automatic update feature and would require a massive code rewrite which is not only time-consuming but expensive as well. Likewise, it is more likely that Microsoft will need to issue a new version of Skype rather than simply patch the bug.

According to Stefan Kanthak, a security researcher says that the vulnerability which is present in Skype's update service could be exploited to get full access to the user's chat[2]. This puts the privacy of Skype users at risk since not only private information could be exposed but also misused for phishing purposes or blackmail. Now crooks are more motivated than ever to update Skype virus.

DLL hijacking technique helps criminals exploit the vulnerability

The technique called DLL hijacking refers to the replacement of legitimate Microsoft library with the malicious one. An attacker needs to infiltrate the malicious DLL file onto victim's computer and rename it exactly the same as the original one[3]. This way, the application would search for the library and find malicious DLL file first.

Every time Skype launches it checks for updates automatically. Once it ran the updater, it would use a different executable file and which is precisely vulnerable to DLL hijacking. Even though some criminals might struggle to drop the malicious DLL file on the targeted computer, there are many ways how it may be done.

While sending spam emails with infected attachments or loading DLL through shady websites is an option, IT specialist explains that there is an easier way — a malicious script or malware could remotely transfer DLL file into a temporary folder as well[4].

Microsoft chose to release a new version of Skype rather than a simple patch

Microsoft has confirmed that fixing the bug was possible. However, the software giant pointed out that it would require too much work[5]. Researcher specified the nature of the work as a huge code revision to fix the bug which would be time-consuming.

However, Microsoft said that it's releasing an update anyway which will now be accompanied by a new version of Skype. It is evident that the company is not going to eliminate the vulnerability despite the fact that users are currently at risk. It means that criminals still have a chance to steal and delete data or infiltrate ransomware on the targeted Windows computers. 

Prevent websites, ISP, and other parties from tracking you

Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.

A VPN is also crucial when it comes to user privacy. Online trackers such as cookies can not only be used by social media platforms and other websites but also your Internet Service Provider and the government. Even if you apply the most secure settings via your web browser, you can still be tracked via apps that you are connected to the internet. Besides, privacy-focused browsers like Tor is are not an optimal choice due to diminished connection speed.

Therefore, to stay completely anonymous and prevent the ISP and the government from spying on you, you should employ Private Internet Access VPN. It will allow you to connect to the internet while being completely anonymous, prevent trackers, ads, as well as malicious content. Most importantly, you will prevent the illegal surveillance activities that NSA and other governmental institutions are performing behind your back.

 

Recover your lost files quickly

Unforeseen circumstances can happen at any time while using the computer: it can turn off due to a power cut, a Blue Screen of Death (BSoD) can occur, or random Windows updates can decide to reboot the machine when you went away for a few minutes. As a result, your schoolwork, important documents, and other data might be lost.

Additionally, you might also be attacked by malware that can corrupt your Windows or encrypt files with a robust encryption algorithm, and ask for a ransom in Bitcoin for the decryption tool. Cybercriminals might not deliver what they promised, however, so it is better to attempt alternative file recovery methods that could help you to retrieve at least some portion of the lost data.

Data recovery software is one of the options that could help you recover your files. Once you delete a file, it does not vanish into thin air – it remains on your system as long as no new data is written on top of it. Data Recovery Pro is recovery software that searchers for working copies of deleted files within your hard drive. By using the tool, you can prevent loss of valuable documents, school work, personal pictures, and other crucial files.

About the author
Olivia Morelli
Olivia Morelli - PC & Mac repair expert

Olivia Morelli is a young, but a perspicacious IT expert who is currently just a year away from a Bachelor’s Degree in Software Systems. Her primary passion is cyber security, however, thanks to her detailed understanding of computer networks, operating systems and hardware, she can find a fix for any PC or Mac issue...

Contact Olivia Morelli
About the company Esolutions

References


Your opinion regarding Huge Skype vulnerability will not be fixed by Microsoft any time soon