Skype is an instant messaging app developed by Microsoft that provides online text message and video chat services. It helps users to transmit both text and video messages and exchange digital documents such as images, text, and video. Enterprises employ Skype's conference calls for business meet ups and discussions. Hacker's did figure out the mere importance of this application for enterprises and have unleased a virus for Skype app, exploiting its zero day vulnerability.
Common Vulnerability Scoring System (CVSS) has granted a score of 7.2 for this Skype vulnerability. This skype virus impacts Microsoft Skype app version 7.2, 7.35, and 7.36 and causes Stack buffer overflow, which allows attackers to remotely crash the application with an unexpected exception error, to overwrite the active process registers, and to execute malicious code.
This skype virus breaches your network when the clipboard function of Skype app comes into use. For example: When a user takes a screenshot and shares it with another user via Skype message box. This vulnerability allows attackers to use a remote computer with a shared clipboard and initiate a stack buffer overflow on transmission to Skype app. It allows attackers to crash the application or execute remote codes on affected and connected computers.
A succesful attack is not limited to this manual exploitation. Attackers can locally prepare the cache and clipboard of a computer to exploit other connected computers too.
Note: Exploitation of this buffer overflow software vulnerability requires no user interaction and successful exploitation can even compromise your system's process, by overwriting the registers.
Enterprises and user's with the latest Skype versions are safe and free from this threat while those using versions 7.2, 7.35 and 7.36 are still vulnerable. Its highly recommended for enterprises to employ the latest patches for Skype and stay vigilant against this menacing stack buffer overflow.
Microsoft resolved this vulnerability and developed a fix which was released by 26th June in Skype version 7.37.178. Users should make sure their application is up-to-date to protect themselves from this threat an stay safe.
Threats like this have become quite frequent and annoying to enterprises, patching number of third party application for hundreds of computers periodically is going to be tiresome and time consuming. IT administrators must be able to patch Windows, Mac, Linux and third party applications from a centralized location, and this is exactly what ManageEngine Desktop Central can do for you.
Download Desktop Central now to patch your Skype app and stay vigilant against this sneaky Skype virus.