Severe Skype Vulnerability

TACTICAL CYBER INTELLIGENCE REPORT

Actor Type: II
Serial: TR-18-058-002
Countries: IN, CN
Report Date: 20180221

A serious vulnerability has been identified in Skype that could allow attackers to gain full control of the target machine by granting system-level privileges to a local, unprivileged user.

The vulnerability was discovered[1] and reported to Microsoft by a security researcher. It resides in Skype's update installer, which is susceptible to Dynamic Link Library (DLL) hijacking.

Impact

An attacker can exploit the way the current Windows DLL loader searches for DLLs during the upgrade process. The loader looks for a DLL first in the directory in which the process binary resides and then in other directories.

Figure 1 – Skype app in Windows Store

When Skype's update installer tries to find the relevant DLL file, it will find the malicious DLL first and will thus install the malicious code.

Microsoft was informed of the Skype vulnerability in September 2017. Microsoft subsequently found that a patch would require a “large code revised” installer. Because the fix would require a significant software rewrite, Microsoft decided not to patch this vulnerability. Rather than releasing a security update, Microsoft decided to build an altogether new version of the Skype client that would address the vulnerability.

The vulnerability only affects the Skype desktop app, which uses its own update installer that is vulnerable to the DLL hijacking technique. The Universal Windows Platform (UWP) app version available from the Microsoft Store for Windows 10 PCs is not affected.

Prevention and Mitigation Strategies

The vulnerability only affects the desktop application; therefore, it is not recommended to use this version. Our customers should use the UWP app version from the Windows Store.
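
The search-order behavior described under Impact can be looked for in image-load telemetry. The following is an added example, not part of the original report: it flags a DLL with a system DLL name that was resolved from the process binary's own directory when that directory is user-writable. The event field names are modeled on Sysmon Event ID 7; the sample events, the DLL name set and the writable-path markers are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Assumption: names of DLLs that normally resolve from System32. A real
# deployment would build this set from a clean reference image.
SYSTEM_DLLS = {"version.dll", "uxtheme.dll", "cryptsp.dll"}

# Assumption: path fragments marking directories an unprivileged user can write.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")

# Constructed image-load events; field names modeled on Sysmon Event ID 7.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Temp\upd1\installer.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\upd1\version.dll",
     "Signed": "false"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\upd1\installer.exe",
     "ImageLoaded": r"C:\Windows\System32\uxtheme.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Program Files\App\version.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\Downloads\setup.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\helper.dll", "Signed": "false"},
]

def is_user_writable(directory: PureWindowsPath) -> bool:
    """True when the directory sits under one of the assumed writable locations."""
    path = str(directory).lower().rstrip("\\") + "\\"
    return any(marker in path for marker in USER_WRITABLE)

def find_app_dir_hijack_candidates(events):
    """Return events where a system-named DLL was resolved from the process
    binary's own directory and that directory is user-writable."""
    hits = []
    for ev in events:
        image = PureWindowsPath(ev["Image"])
        dll = PureWindowsPath(ev["ImageLoaded"])
        if (dll.parent == image.parent                # found in the application directory
                and dll.name.lower() in SYSTEM_DLLS   # name belongs to a system DLL
                and is_user_writable(dll.parent)):    # unprivileged user could plant it
            hits.append(ev)
    return hits

if __name__ == "__main__":
    for ev in find_app_dir_hijack_candidates(SAMPLE_EVENTS):
        print(f"{ev['Image']} loaded {ev['ImageLoaded']} (signed={ev['Signed']})")
```

The same DLL name under Program Files is not flagged because an unprivileged user cannot write there, which is the condition that turns the search order into a privilege-escalation path.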

For questions or comments regarding this report, please contact the lab directly at 603-606-1246, or feedback@wapacklabs.com

 

[1] https://capec.mitre.org/data/definitions/471.html
