Discovered by researcher Stefan Kanthak, a new Skype flaw can allow an attacker to gain total control of the operating system by granting system access to a local, unprivileged user.
Apparently, the bug works by using a DLL hijacking technique that allows an attacker to misdirect the Skype update installer into installing malicious code, instead of the intended updates. When installing updates, Skype uses another executable for the built-in updater component of the voice and video chat application, and this process is vulnerable to hijacking.
An attacker could hijack the update process by downloading a malicious DLL into a temporary folder and renaming it to match a legitimate DLL that can be modified by an unprivileged user, like UXTheme.dll. When the installer tries to find the relevant file, it will find the malicious DLL first, and thereby install the offending code.
“Windows provides multiple ways to do it,” cautioned Kanthak, while referring to DLL hijacking. He also added that other operating systems like macOS and Linux, as well, can be affected in a similar fashion.
Kanthak warned that the attack can be easily weaponised, and that getting system-level privileges would be like “‘administrator’ on steroids”, allowing an attacker to do virtually anything.
While Microsoft was informed of the security flaw in its software by Kanthak back in September, the Redmond giant has chosen to not fix the problem for the time being as it would require a large amount of code to be rewritten. Instead, the company is opting to delay the fix to the next major update to Skype, as it focuses on building a new client altogether.
It was revealed last month that Skype was vulnerable to another critical flaw, this time relating to a larger bug in all Electron-based applications. Thankfully, Microsoft pushed the relevant fixes soon after in that case.