The bug, if utilized, can increase a local unprivileged user to the full “system” level rights giving them passage to every edge of the operating system. But Microsoft, which owns the voice and video-calling service, said it won’t quickly fix the flaw because the bug would need too much work.
Security researcher Stefan Kanthak discovered that the Skype update installer could be utilized with a DLL hijacking technique, which allows an intruder to trick an application into drawing malicious code rather of the correct library. An intruder can download a wicked DLL into a user-accessible temporary folder and rename it to an actual DLL that can be changed by an unprivileged user, like UXTheme.dll. The bug works because the malicious DLL is found first when the app queries for the DLL it needs.
Once connected, Skype employs its own built-in updater to keep the software up to date. When that updater runs, it uses a different executable file to run the update, which is exposed to the hijacking.
The attack holds on the clunky side, but Kanthak told News in an email that the strike could be easily weaponized. He described, providing two command line examples, how a script or malware could remotely carry a malicious DLL into that temporary folder.
“Windows provides multiple ways to do it,” he said. But DLL hijacking isn’t limited to Windows, he said noting that it can refer to Macs and Linux, too.
Once “system” rights are gained, an attacker “can do anything,” Kanthak said.
“‘System’ is ‘administrator’ on steroids,” he continued. From there, an intruder could steal files, delete data, or hold data captive by running ransomware.
Kanthak informed Microsoft of the bug in September, but the software giant said beginning a fix would require the updater go through “a large code review.”
The company told him that even though designers “were able to reproduce the issue,” a fix will land “in a newer translation of the product rather than a security update.”
Instead, the business said it’s put “all resources” on establishing an altogether new client.
Take your time to comment on this article.