A major bug has been discovered in Microsoft’s Skype application, but the company won’t patch the vulnerability because of how much work it would require. The bug itself allows attackers to obtain system-level control by exploiting the update installer. Experts say the attack method is on the clunky side but could be turned into a powerful weapon with just a few lines of code. Hackers could have remote access to an entire operating system with ease.
When the discoverer of the bug reached out to Microsoft, he learned that their engineers could replicate the problem, but revising the updater code itself to repair it would be too labor-intensive. The company is instead pooling its resources into building an entirely new client. For damage to be caused, the victim must be an administrator or above, but so far, the vulnerability is present and unprotected.