Jump to content

Skype Is Vulnerable to a Nasty Exploit: Switch to the Windows Store Version


RV_

Recommended Posts

OK, the short version. If your computer came with Skype from new, it installed its updater too. That is the flawed part. Fix? Go to programs and features, uninstall Skype, go to the Windows store, and download the version there, It is safe. I just did this in less than a minute.

Excerpt:

"If the desktop version of Skype is on your Windows computer, you’re vulnerable to a really nasty exploit. A flaw in Skype’s update tool could give attackers full control over your system, and Microsoft says there isn’t going to be a fix any time soon.

Happily, you can avoid the problem completely by replacing the “desktop” version of Skype with the one available from the Microsoft Store. Still, it’s embarrassing for Microsoft’s own software to have a weakness this fundamental, and the exploit in question is one Redmond has warned other developers about multiple times.

What’s Wrong With Skype?

Updating software is supposed to keep you secure, but ironically in Skype’s case, updating is the problem. That’s because the flaw here isn’t with Skype itself, but rather the tool Skype uses to find and install updates. This update tool is vulnerable to DLL hjjacking, as researcher Stefan Kanthak outlines:

And it gets worse. Microsoft told Kanthak they “were able to reproduce the issue,” but there won’t be issuing a patch issued to solve the problem. Instead, Microsoft plans on solving the problem during the next major release of Skype—it’s not clear when that will be.

That’s…not ideal. Thankfully, there’s an alternative.

The Solution: Use the Windows Store Version

Microsoft offers two versions of Skype for Windows: the “Desktop” version, which has been around for ages, and the Universal Windows Platform (UWP) version, which you can download from the Microsoft Store app bundled with Windows. Only the desktop version is vulnerable to this particular exploit, because only the desktop version uses its own update tool.

Microsoft has been pushing users to the Microsoft Store version of Skype for a while: the Skype download page directs users to the Store, for example. But many users still have the desktop version on their systems, and they should uninstall that and only use the Store version if they want to stay safe from this exploit.

How can you tell which version you have? The simplest way is to search for “Skype” in the start menu. If you see the words “Trusted Microsoft Store app” below Skype’s name, you’re probably covered."

Go to the full article for screenshots of "Good Skype" and "Bad Skype," and more details here: https://www.howtogeek.com/342990/skype-is-vulnerable-to-a-nasty-exploit-switch-to-the-windows-store-version/

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

I have two versions of Skype - the traditional version and the new version. I don't like the new version as it does not work the way I like to use Skype.

My question is 'is the MS store version the 'new ' version of skype or is the traditional version also available'?

John

John
Titanium 29EX 29/34 Fifthwheel

Link to comment
Share on other sites

John,

I don't know as I don't use Skype much as other messenger programs work better for us. I have heard comments that others have switched since a change to Skype since Microsoft took it over. Microsoft has been doing better than ever for a while now and I hope they aren't dropping the ball again. The MS store version is , according to the article, one version back from the installed at the factory versions in the images that the computer makers use.

Maybe another active Skype user can chime in here.

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

Chalkie,

That one and one in their Edge browser which they tried to fix last Tuesday but failed, are both Microsoft products but Edge is all MS. They say that the fixes for both will be in the March updates for sure, they say . . .

Read this:

http://www.zdnet.com/article/windows-10-security-google-exposes-how-malicious-sites-can-exploit-microsoft-edge/?loc=newsletter_large_thumb_featured&ftag=TRE-03-10aaa6b&bhid=19724681974700635514865380622813

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...