Skype is the go-to video chat platform for millions of people. This is why Skype outages like the one we reported last week can be disruptive. Although the reason for the outages was not disclosed by Microsoft, the issues were reportedly resolved within three days.
However, even if you weren’t directly affected by the outages, a recent publicly disclosed zero-day Skype flaw should prompt you to check if you have the latest version of the application and update as soon as you can.
Skype zero-day flaw
A serious zero-day vulnerability was discovered in Skype’s client for Windows. The critical flaw allows attackers to remotely crash the Skype application and even execute malicious code on the machine that’s running it.
Vulnerability Lab security researcher Benjamin Kunz Mejri revealed the previously undisclosed flaw this week and stated that it affects Windows Skype versions 7.2, 7.35, and 7.36.
Microsoft was notified of the vulnerability back on May 16, and the Windows maker released a Skype update to fix the issue on June 8. The issue was not disclosed publicly until June 26.
The flaw impacts the “MSFTEDIT.DLL” dynamic link library when a remote copy request on the shared clipboard is issued by the local machine. An attacker can exploit this by pasting a specially crafted image file on the shared clipboard, which can cause a stack buffer overflow.
Alarmingly, the bug can be exploited without the victim’s interaction and even low-privilege Skype accounts can be used to launch an attack.
“The issue can be exploited remotely via session or by local interaction. The problem is located in the print clipboard format & cache transmit via remote session on Windows XP, Windows 7, Windows 8 and Windows 10. In Skype v7.37 the vulnerability is patched,” Vulnerability Lab wrote in a post.
The flaw was fixed in Skype version 7.37.178, so make sure you have this version or later installed.
How to update Skype for Windows
Skype for Windows is set to automatically update by default. If you haven’t tweaked your settings then you should already have the latest version installed. Note: Skype updates are also included in Windows Updates.
To check if you have automatic updates enabled, open the Skype application and sign in. In the menu bar, go to the Tools tab, then select “Options…” >> “Advanced” >> “Automatic Updates” and check if it’s turned on.
You can also force Skype to update by clicking on the Skype application’s Help tab and selecting “Check for Updates.” If one is available, simply download it, then click the “Upgrade” button to install.
Skype will also notify you if there’s an available update that hasn’t been installed yet. If you get this pop-up notice, click the “Upgrade” button as soon as you can.