Wednesday, April 26, 2017

Microsoft Fixes RCE Bug in Skype

Microsoft fixed a vulnerability in its instant messaging app Skype that could be exploited by attackers to execute arbitrary remote code on the system or to phish credentials. The vulnerability, dubbed “Spyke”, was discovered by independent security researcher Zacharis Alexandros in the Windows versions of Skype. It primarily affects Windows clients installed on public machines, such as those in libraries and airports, or on smart televisions, but users of other operating systems might also be vulnerable. Attackers would require local access to the login screen of a running Skype instance to exploit the vulnerability. The Skype instance contains an embedded Internet Explorer browser for authentication purposes. Attackers can circumvent the normal authentication process and abuse the app’s login-via-Facebook functionality to convert Skype into "Spyke", an "owned" malicious process. Once Skype is compromised, attackers can use it to fingerprint the internal browser (IE), execute code in the context of the Skype process, phish credentials and, finally, cover communication traces. Microsoft addressed the vulnerability a month ago with the release of the updated version but has not provided any public acknowledgement.

Best Practice:
Deploying this patch update to your systems will put you on the safer side.
Keep this kind of software updated to the latest version.


post made by
newWorld

2 comments:

Unknown said...

I did everything like you said, and really, your tips helped me to fix this bug. In return I wanna share with you one amazing service with Skype latest version https://yepdownload.com/skype that works just incredible and without any errors or mistakes.

newworld said...

Thanks for your message.

But many of the files associated with that domain have malicious hits...
https://www.virustotal.com/#/file/6f28e77af0fd1c9f04787b6c5daf207ae54ff716ef85595f9055ff86af731e4a/detection
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9557
ClamAV: Win.Trojan.Agent-576686
DrWeb: Trojan.Inject2.26963

https://www.virustotal.com/#/file/c5dc1c3adb51d7387baec0ebe9f4cdebcf9e99860f7a7aada4f3750dcd3870fa/detection
AegisLab: Troj.W32.Pincav!c
Antiy-AVL: Trojan/Win32.Pincav
CAT-QuickHeal: Trojan.Pincav.g8
CMC: Trojan.Win32.Pincav!O
Comodo: UnclassifiedMalware
Ikarus: Trojan.Win32.Pincav
Kaspersky: Trojan.Win32.Pincav.crnn
Rising: Trojan.Generic-QwD7dRkqrTQ (cloud)
Tencent: Win32.Trojan.Pincav.Ligp
VBA32: BScope.Trojan-Dropper.Inject
ViRobot: Trojan.Win32.A.Pincav.1991232[h]
Zillya: Trojan.Pincav.Win32.25965

It is good to stay away from that domain.
https://www.virustotal.com/#/domain/yepdownload.com
