A new bug has been discovered in Skype’s updater which can potentially allow hackers to gain complete access to a user’s system. First reported by security expert Stefan Kanthak at Seclists.org, the bug can be exploited to gain unrestricted access to every part of the operating system.
According to Kanthak:
“Once installed, Skype uses its own proprietary update mechanism instead of Windows/Microsoft Update…[Because] Skype periodically runs ‘%ProgramFile%\Skype\Updater\Updater.exe’ under the SYSTEM account, when an update is available, [the] Updater.exe copies/extracts another executable as ‘%SystemRoot%\Temp\SKY<abcd>.tmp” /QUIET’.”
Kanthak goes on to explain that it is because of the aforementioned executable that the updater is vulnerable. Hackers can make use of DLL highjacking as the executable loads at least one DLL file called ‘UXTheme.dll’ from its application directory instead of loading its from the Windows system directory.
If a local user is able to place the UXTheme.dll or any of the other DLLs loaded by the vulnerable executable, the user will be able to gain access to the SYSTEM account. Microsoft has already released ways to avoid the vulnerability, but Kanthak claims that the company’s developers seem to be ignoring the issue.
Kanthak adds that he alerted Microsoft about the bug back in September, but the company has not released a fix. According to Seclists’ reported timeline of the bug, Microsoft is expected to release a fix in a newer version of Skype, instead of rolling out a dedicated security update, as the latter option would be too painstaking giving the company’s development cycle.