Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

2018-02-27 Thread Stefan Kanthak
"Kevin Beaumont" wrote:

> I did a fresh install of Win7 Home yesterday and can confirm impacted Skype
> version was offered by Windows Update for install.

Thanks for the confirmation. See for my writeup of Skype's and Microsoft's epic failures i

Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

2018-02-25 Thread Kevin Beaumont
I did a fresh install of Win7 Home yesterday and can confirm impacted Skype version was offered by Windows Update for install.

Kev

On Tue, 20 Feb 2018 at 18:31, Stefan Kanthak wrote:

> "Jeffrey Walton" wrote:
>
> > On Fri, Feb 9, 2018 at 1:01 PM, Stefan Kanthak wrote:
>
> [ http://seclists.

Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

2018-02-20 Thread Stefan Kanthak
"Jeffrey Walton" wrote:

> On Fri, Feb 9, 2018 at 1:01 PM, Stefan Kanthak wrote:

[ http://seclists.org/fulldisclosure/2018/Feb/33 ]

> Not sure if this is related, but:
> https://winbuzzer.com/2018/02/14/microsoft-just-killed-skype-classic-response-unfixable-security-bug-xcxwbn/

This is of c

Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

2018-02-16 Thread Jeffrey Walton
On Fri, Feb 9, 2018 at 1:01 PM, Stefan Kanthak wrote:

> Hi @ll,
>
> since about two or three years now, Microsoft offers Skype as
> optional update on Windows/Microsoft Update.
>
> JFTR: for Microsoft's euphemistic use of "update" see
>
>
> On

[FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

2018-02-09 Thread Stefan Kanthak
Hi @ll,

since about two or three years now, Microsoft offers Skype as optional update on Windows/Microsoft Update.

JFTR: for Microsoft's euphemistic use of "update" see

Once installed, Skype uses its own proprietary update mechanism instead