That Skype Bug That Microsoft Wasn’t Going To Fixed Is Actually Already Fixed

You might recall that I posted a story about a Skype bug that could lead to you getting pwned by hackers, and that Microsoft wasn’t gong to fix it. Well, it’s actually been fixed.

Confused? Yeah. So was I. Hang with me and I’ll explain.

According to Skype program manager Ellen Kilbourne via a support forum post, the vulnerability is present in Skype for Windows versions 7.40 and lower. Last October, Microsoft released version 8 without the flaw. Thus the fix is to upgrade to the latest version.

So, how did we end up with this becoming an issue?

The issue was discovered by German researcher Stefan Kanthak. In the paper where he disclosed this bug, he says this:

“The engineers provided me with an update on this case. They’ve reviewed the code and were able to reproduce the issue, but have determined that the fix will be implemented in a newer version of the product rather than a security update. The team is planning on shipping a newer version of the client, and this current version will slowly be deprecated. The installer would need a large code revision to prevent DLL injection, but all resources have been put toward development of the new client.”

Clearly version 8 was the new client that Microsoft was speaking of. Thus I have to assume that either he believed that Microsoft wasn’t going to do anything, or he mistook what Microsoft said. And as a result he waited three months and disclosed something that had already been fixed. In other words, it was an honest mistake.

And with that, you can go back to using Skype without worrying that you’re going to get pwned.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: