Microsoft is bored: an important security breach was discovered last year in Skype. If the publisher of Redmond is usually quick to correct this type of vulnerability, it is that it poses a big problem to Microsoft, which would be forced to rewrite much of the software code to overcome it. Which does not seem absolutely planned in Microsoft's planning.
No luck for the 300 million Skype users around the world. A good big flaw is currently affecting the client version of the software, especially its update tool. While Microsoft usually fixes this kind of bug in a few days, even in a few weeks, we learn through the ZDNet site that this flaw will not be filled in the immediate future. The flaw is based on the Skype update executable, which is different from the main software program. In theory, this allows a hacker to obtain high rights of administration of a machine. It is even more dangerous once exploited, the hacker can steal the data of the user, erase them or install a ransomware.
The flaw was discovered last year by Stefan Kanthak, a security researcher. Microsoft was informed of this problem in September and was able to replicate the feat of Stefan Kanthak. But the giant Redmond has not yet been able to correct it: "a fix will arrive in a new version of the software rather than via a security update". According to information obtained by ZDNet, Microsoft prefers to focus on developing a new Skype client. The vulnerability is left as is for the moment.
This is not the first time that the messaging software is caught in the turmoil. Last month, Skype was paying the price for a bug from Electron, an application development framework. But Microsoft was eager to fix it.
0 comments:
Post a Comment