Skip to main content

New Vulnerability Found In Skype That Could Allow Hackers Access

By July 18, 2017May 24th, 2021Cybersecurity

If you’re one of the millions of Skype users around the world, check to see what version you’re using. If you haven’t upgraded to the latest build, you’re at risk.

Recently, a new vulnerability came to light that allows hackers to take advantage of a security flaw in the software’s clipboard function that could spell big trouble for you.

The vulnerability works like this:

Hackers create a poisoned image file, and then copy/pastes it from the computer’s clipboard into a Skype message window.

Once the image has been loaded onto the clipboard on both the hacker’s machine and the recipient’s, Skype experiences a stack overflow error which causes the application to crash. When that happens, it opens the door, enabling the hacker to execute additional, more damaging or compromising exploits that could lead to a complete loss of control of your system.

The worst part of all is that no user interaction is required for the hacker to create the conditions by which the additional attacks can be made against the target computer.
Microsoft, which bought Skype in 2011, rated this as a high-security risk vulnerability, with a 7.2 CVSS score. It affects versions 7.2, 7.35, and 7.36 of the messaging software on Windows XP, Windows 7 and Windows 8.

Fortunately, the company patched the vulnerability in Skype v7.37, so if it’s been a while since you’ve upgraded, now is the time.

This is an especially problematic vulnerability because of the sheer popularity of Skype as a messaging platform. Not only is it used by millions of people around the world, but it’s becoming an increasingly popular communications tool in the enterprise setting.

As ever, vigilance is the order of the day, and one of the keys to remaining vigilant is to make sure all the software on your various devices is up to date and fully patched.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.