A Major Bug Forces Microsoft to Rebuild Skype for Windows
Security researchers have recently revealed a major security loophole in Skype which could allow malicious attackers to gain system-level privileges in PCs. The problem can lead to systems being compromised on the Windows, Mac, & Linux platforms. However, Microsoft is not planning to immediately fix the issue.
The Mac Observer has pointed out that currently Microsoft will not be closing the backdoor as it would require rewriting of the entire app update installer. According to the report, the security flaw is related to the app update installer, & if exploited can let hackers gain the administrator-level access to affected systems.
The security flaw could even be exploited if the victim is logged into their computer as a standard user. Once trespassed, malicious attacker can potentially delete or copy important files, access confidential information, install rogue apps, as well as do anything possible to the infected system.
Security researchers had warned Microsoft about the flaw in last September and the software giant was able to reproduce the issue. However, as security researcher Stefan Kanthak notes, the company is going to treat the bug in the newer version of Skype rather than a security update.
The reason quoted is, “the installer would need a large code revision to prevent DLL injection.” This means that for now the Skype vulnerability will remain untreated. In the same response, the software giant has promised to develop as well as ship a newer version of the client and the current version would then be slowly deprecated.