Skype nasty security bug without a massive code rewrite

There is a major flaw in the Skype application's update process. The bug can allow an attacker to gain system-level privileges on a vulnerable computer.

You can review the comments by clicking this link: "Skype’s home-grown updater allows escalation of privilege to SYSTEM".

In simple terms, the bug can allow an unprivileged user to gain full SYSTEM-level rights, granting them access to every corner of the operating system. Microsoft, which owns the voice and video-calling service, said it will not fix the flaw any time soon since the bug would require too much work and man-time.

Possible turning off Skype updates

Bug located by security researcher Kanthak

Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into loading malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to the name of an existing DLL that can be modified by an unprivileged user, like UXTheme.dll. The bug works because the malicious DLL is found first when the app searches for the DLL it needs.

Once installed, Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking.
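The "found first" behaviour described above, together with a check a defender can run against it, as an added example (not code from Kanthak's advisory or from Skype). The directory layout and file names are constructed stand-ins, the function names are hypothetical, and the model assumes the directory the updater executable runs from is searched before the system directory.

```python
import tempfile
from pathlib import Path


def resolve_dll(name, search_dirs):
    """Return the first file matching `name`, walking search_dirs in order.

    Simplified model of the loader: names are compared case-insensitively
    and the first directory that contains the file wins.
    """
    for directory in search_dirs:
        for entry in Path(directory).iterdir():
            if entry.is_file() and entry.name.lower() == name.lower():
                return entry
    return None


def find_shadowing_dlls(app_dir, system_dir):
    """List DLLs in app_dir whose names also exist in system_dir.

    An executable started from app_dir would load each hit in place of
    the system copy, so every hit deserves review.
    """
    system_names = {p.name.lower() for p in Path(system_dir).iterdir()
                    if p.suffix.lower() == ".dll"}
    return sorted(p.name for p in Path(app_dir).iterdir()
                  if p.is_file() and p.suffix.lower() == ".dll"
                  and p.name.lower() in system_names)


def build_constructed_layout(root):
    """Create stand-in directories and empty files (constructed sample data)."""
    temp_dir = Path(root) / "Windows" / "Temp"
    system32 = Path(root) / "Windows" / "System32"
    temp_dir.mkdir(parents=True)
    system32.mkdir(parents=True)
    for name in ("uxtheme.dll", "version.dll"):
        (system32 / name).touch()
    (temp_dir / "UXTheme.dll").touch()       # same name as a system DLL
    (temp_dir / "updater-data.dll").touch()  # no system counterpart
    return temp_dir, system32


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        temp_dir, system32 = build_constructed_layout(root)
        print("loaded from:", resolve_dll("uxtheme.dll", [temp_dir, system32]))
        print("needs review:", find_shadowing_dlls(temp_dir, system32))
```

On a real Windows host the same audit function can be pointed at %SystemRoot%\Temp and %SystemRoot%\System32.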

What is UXTheme.dll?

UXtheme.dll is a module associated with Microsoft® Windows® Operating System from Microsoft Corporation. Non-system processes like uxtheme.dll originate from software you installed on your system.

Quote from Kanthak
An unprivileged (local) user who is able to place UXTheme.dll or
any of the other DLLs loaded by the vulnerable executable in
%SystemRoot%\Temp\ gains escalation of privilege to the SYSTEM
account.