The new Skype looks much like a child who swallowed far too many Halloween candies and happened to be facing a monitor during the inevitable outcome; a feature not many requested. Also gone is the ability to program your own add-ins and apply them to Skype to enhance recording and a variety of other features which made the product useful. Microsoft ended that when they took Skype over, however they offer some other less popular features. One such is a vulnerability which allows the unsecure update process to be used to inject nasty DLLs to give SYSTEM level access to an attacker. From what The Inquirer has been able to find out, Microsoft will not be releasing a patch for vulnerable versions but will instead release a new version at some point, without the vulnerability baked in.
Conspicuosly absent from this discussion was the soon to be Team-ed Skype for Business which may or may not feature this particular problem. As it updates through Office 365 it should be safe, but not many security execs are satisifed by 'should'.
"Long story short – there's so much code that would need to be rewritten that it isn't worth it to Microsoft to shore-up this version. What's not quite clear is whether this affects the grotesque UWP version of Skype or just the old desktop version."
Here is some more Tech News from around the web:
- Will John Deere Finally Get Their DMCA Comeuppance? @ Hack a Day
- Meltdown's Linux patches alone add big load to CPUs, and that's just one of four fixes @ The Register
- Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1 @ The Register
- Amazon Echo Spot @ The Inquirer
- Bitcoin, Ethereum and Cryptocurrency: Ultimate Beginner’s Guide to Mining @ Kitguru
- You can resurrect any deleted GitHub account name. And this is why we have trust issues @ The Register
- AKRacing Solitude Gaming And Working Chair Review @ NikKTech