linuxxx

7y

A quite severe vulnerability was found in Skype (at least for windows, not sure about other systems) allowing anyone with system access (remote or local) to replace the update files skype downloads before updating itself with malicious versions because skype doesn't check the integrity of local files. This could allow an attacker to, once gaining access to the system, 'inject' any malicious DLL into skype by placing it in the right directory with the right file name and waiting for the user to update (except with auto updates of course).

From a company like Microsoft, taking in mind that skype has hundreds of millions of users worldwide, I'd expect them to take a very serious stance on this and work on a patch as soon as possible.

What they said about this: they won't be fixing it anytime soon as it would require a quite big rewrite of skype.

This kinda shit makes me so fucking angry, especially when it comes from big ass companies 😡. Take your fucking responsibility, Microsoft.

rant

microsoft

ms

security

skype

fuck you

vulnerability

not so secure

fucking hell

Ranter

Comments

12

yendenikhil

1964

7y

Are you kidding me? The gall to say like that! I think they are following Apple (the magical character) in that regard then!
33

calmyourtities

22366

7y

but if they fix it then they'll have to update it, making skypes user's vulnerable
11

C0D4

68146

7y

This is incredibly scary. Good thing I don’t use Skype for anything but the fact that they know and allow such a widespread issue and just wash their hands of it as it’s too much work 😡

@yendenikhil apple’s already patched that issue
6

yendenikhil

1964

7y

@C0D4 we use Skype as corporate messenger, with sensitive data! And if Apple patched it (finally!), Is marginally better then!
5

C0D4

68146

7y

@yendenikhil our company took up ms teams instead, so it probably has its own well of vulnerabilities.
15

Root

82508

7y

Lol Skype.
I use it to talk to exactly one person, and only because he's too lazy to give me any other contact info.

I think it's been long enough.
I'm going to yell at him later.
2

jakobev

2402

7y

Never used it. And won't use it.
6

linuxxx

145467

7y

@ramen That doesn't make it less severe or less irresponsible from Microsoft for not patching it.
1

scytheri0n

604

7y

Link please? (It's 00:11 here, I'm too lazy to go search) And which version of Skype does this apply to?
1

JoshBent

25480

7y

.
3

Wallpaper

2596

7y

Microsoft said they fixed it in October 🤔. https://windowslatest.com/2018/02/...
0

C0D4

68146

7y

@eletious

Didn’t get a choice, company moved from slack to teams and block slack, plus having to use it all the time, I just tolerate it.
0

C0D4

68146

7y

@dontbeevil it crashes all the time or freezes up.

Maybe it’s just me but I found slack more stable.
0

PacRat

3990

7y

@Wallpaper ??? not yet
(from the article)
0

Wallpaper

2596

7y

@ParkCity Not sure what to tell ya, article 1 vs article 2 about the same thing but different situation?
0

RoodRallec

145

7y

The most funny thing about that is that Microsoft has several guidances on how to avoid such drama hijacking and is now vulnerable themselves:
Source: http://seclists.org/fulldisclosure/...
Microsoft published plenty advice/guidance to avoid this beginner's
error: https://msdn.microsoft.com/en-us/...,
https://technet.microsoft.com/en-us...,
https://support.microsoft.com/en-us...
and
https://blogs.technet.microsoft.com/...
. .. which their own developers and their QA but seem to ignore!

Related Rants

devRant © 2021 Hexical Labs LLC
Privacy Policy | Terms of Service