]]>

Skype can't fix a nasty security bug without a massive code rewrite

Discussion in 'Security and Anti-Virus Software' started by Papusan, Feb 13, 2018.

  1. Papusan

    Papusan BGABOOKS = That sucks!! STAHP! Dont buy FILTH...

    Reputations:
    8,257
    Messages:
    16,608
    Likes Received:
    23,084
    Trophy Points:
    931
    Skype can't fix a nasty security bug without a massive code rewrite-zdnet.com
    The bug grants a low-level user access to every corner of the operating system.

    A security flaw in Skype's updater process can allow an attacker to gain system-level privileges to a vulnerable computer.

    The bug, if exploited, can escalate a local unprivileged user to the full "system" level rights -- granting them access to every corner of the operating system.​

    But Microsoft, which owns the voice- and video-calling service, said it won't immediately fix the flaw, because the bug would require too much work.

     
    Dr. AMK and hmscott like this.
  2. Phoenix

    Phoenix Colonel

    Reputations:
    9,940
    Messages:
    15,961
    Likes Received:
    20,922
    Trophy Points:
    931
    No wonder there hasn't been a Skype update for over a month :rolleyes::rolleyes: The Micro$h4ft clowns have not an idea of how to proceed

    Skype user = [​IMG]
     
    Dr. AMK likes this.
  3. Phoenix

    Phoenix Colonel

    Reputations:
    9,940
    Messages:
    15,961
    Likes Received:
    20,922
    Trophy Points:
    931
    The MSI Installer of Skype which is the lean and clean version with no toolbars, extensions, and minimal to no ads if you know what to put in your HOSTS file is now gone, if you click on the link which used to download the latest version, now it only gives you the option to get the crippled Skype from Windows store which is garbage, I've had a user before who couldn't even see or accept my invitation because he was using the Windows Store Skype not knowing it's crippled and that there is an actual Windows for Desktop Skype~

    OLD MSI Installer for SKYPE RIP = http://www.skype.com/go/getskype-msi
     
    Dr. AMK and Papusan like this.
  4. inm8#2

    inm8#2 Notebook Deity

    Reputations:
    270
    Messages:
    745
    Likes Received:
    297
    Trophy Points:
    76
    Hey, give Microsoft a break - they're too busy destroying the Windows platform to bother fixing such a security flaw. ;)
     
  5. Papusan

    Papusan BGABOOKS = That sucks!! STAHP! Dont buy FILTH...

    Reputations:
    8,257
    Messages:
    16,608
    Likes Received:
    23,084
    Trophy Points:
    931
    Thurrott: Stop the relentless release of new Windows versions
    Posted on February 12th, 2018 at 10:23 woody Comment on the AskWoody Lounge
    Another great post in (paywalled) Thurrott.com premium:

    Apple will slow down the addition of new features to iOS in order to focus on quality. This is exactly the strategy that Microsoft needs to adopt. In fact, it’s years overdue.

    Amen, bro.

    One little observation. Paul says that Microsoft will soon be forced into a three-year support cycle and “at that point, we’re pretty much back to where we started.” Which is correct, but there’s a subtlety: When Windows as a Service gets out to three years of support, there will be six (or more!) versions of Win10 being supported.​

    We’re already on two years with 1511, 1607, 1703 and 1709.

    Version Released End of service Days
    Home/Pro Ent/ Ed for Ent
    Win10 1709 17-Oct-17 9-Apr-19 8-Oct-19 721
    Win10 1703 5-Apr-17 9-Oct-18 9-Apr-19 734
    Win10 1607 2-Aug-16 10-Apr-18 9-Oct-18 798
    Win10 1511 10-Nov-15 10-Oct-17 10-Apr-18 882
    Win10 1507 9-Jul-15 9-May-17 670
    Microsoft’s digging itself into a support nightmare even worse than the one we have today.

    Maybe Micro$haft should follow Apple on this as well? They have already stolen all of their clothes so far. So why not?:rolleyes:
     
    Vasudev, Dr. AMK and inm8#2 like this.
  6. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    810
    Messages:
    685
    Likes Received:
    1,521
    Trophy Points:
    156
  7. Vasudev

    Vasudev Notebook Prophet

    Reputations:
    1,579
    Messages:
    4,918
    Likes Received:
    2,795
    Trophy Points:
    231
    I just updated to Skype desktop app using Win 8 compatibility because UWP app didn't work at all.
     
    Dr. AMK likes this.
  8. Papusan

    Papusan BGABOOKS = That sucks!! STAHP! Dont buy FILTH...

    Reputations:
    8,257
    Messages:
    16,608
    Likes Received:
    23,084
    Trophy Points:
    931
    Earlier this week, details of a serious security gap in Skype appeared. This was related to the software update client and allowed hackers to control the infected system by tricking the program to load malicious DLL files.
    Stefan Kanthak, who discovered the security hole, drew Microsoft attention to the problem, but then received the answer that they will not put resources to remedy it.

    However, Microsoft now announces that the security hole was fixed as with Skype version 8, released in October 2017.
    The security hole is in version 7.40 and earlier of Skype, and the company has now removed it from its website. They tell everyone that updated to the latest version of Skype is already safe when it comes to intrusion using the newly discovered method.
    Microsoft also confirms that the security hole was related to Skype's update client, not the software itself. When discovered, they reported that they are working on a brand new version of Skype, and earlier data tells that this will merge with the company's chat client teams.

    Update on Skype for Windows desktop installer – version 7.40 and lower
     
    Dr. AMK and Vasudev like this.
  9. Vasudev

    Vasudev Notebook Prophet

    Reputations:
    1,579
    Messages:
    4,918
    Likes Received:
    2,795
    Trophy Points:
    231
    Download Skype Desktop App and use W8 compatibility mode to install on W10 because it recommends UWP app which doesn't work correctly.
     
    Dr. AMK likes this.
Loading...

Share This Page