A new security vulnerability in Skype for Windows desktop was revealed yesterday. Skype desktop app comes with its own updater tool that periodically runs to keep the Skype app up to date. When an update is available, Updater tool copies/extracts another executable as “%SystemRoot%\Temp\SKY.tmp” and executes it using the command line
“%SystemRoot%\Temp\SKY.tmp” /QUIET. A security researcher has found that this executable is vulnerable to DLL hijacking.
It loads at least UXTheme.dll from its application directory %SystemRoot%\Temp\ instead from Windows’ system directory. An unprivileged (local) user who is able to place UXTheme.dll or any of the other DLLs loaded by the vulnerable executable in %SystemRoot%\Temp\ gains escalation of privilege to the SYSTEM account.
This vulnerability was report to Microsoft and Microsoft’s response is quite sad. Microsoft is not planning to update the Skype Updater tool, instead they will release this fix in a newer version of Skype app.
The team is planning on shipping a newer version of the client, and this current version will slowly be deprecated.
As the current Skype app would need a large code revision to prevent the above described DLL injection, Microsoft has decided not to fix it. However, Microsoft mentioned that all the resources have been put toward development of the new client. Skype UWP app is not affected by this vulnerability.