RV_ Posted February 16, 2018 Report Share Posted February 16, 2018 OK, the short version. If your computer came with Skype from new, it installed its updater too. That is the flawed part. Fix? Go to programs and features, uninstall Skype, go to the Windows store, and download the version there, It is safe. I just did this in less than a minute. Excerpt: "If the desktop version of Skype is on your Windows computer, you’re vulnerable to a really nasty exploit. A flaw in Skype’s update tool could give attackers full control over your system, and Microsoft says there isn’t going to be a fix any time soon. Happily, you can avoid the problem completely by replacing the “desktop” version of Skype with the one available from the Microsoft Store. Still, it’s embarrassing for Microsoft’s own software to have a weakness this fundamental, and the exploit in question is one Redmond has warned other developers about multiple times. What’s Wrong With Skype? Updating software is supposed to keep you secure, but ironically in Skype’s case, updating is the problem. That’s because the flaw here isn’t with Skype itself, but rather the tool Skype uses to find and install updates. This update tool is vulnerable to DLL hjjacking, as researcher Stefan Kanthak outlines: And it gets worse. Microsoft told Kanthak they “were able to reproduce the issue,” but there won’t be issuing a patch issued to solve the problem. Instead, Microsoft plans on solving the problem during the next major release of Skype—it’s not clear when that will be. That’s…not ideal. Thankfully, there’s an alternative. The Solution: Use the Windows Store Version Microsoft offers two versions of Skype for Windows: the “Desktop” version, which has been around for ages, and the Universal Windows Platform (UWP) version, which you can download from the Microsoft Store app bundled with Windows. Only the desktop version is vulnerable to this particular exploit, because only the desktop version uses its own update tool. Microsoft has been pushing users to the Microsoft Store version of Skype for a while: the Skype download page directs users to the Store, for example. But many users still have the desktop version on their systems, and they should uninstall that and only use the Store version if they want to stay safe from this exploit. How can you tell which version you have? The simplest way is to search for “Skype” in the start menu. If you see the words “Trusted Microsoft Store app” below Skype’s name, you’re probably covered." Go to the full article for screenshots of "Good Skype" and "Bad Skype," and more details here: https://www.howtogeek.com/342990/skype-is-vulnerable-to-a-nasty-exploit-switch-to-the-windows-store-version/ RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
hiljoball Posted February 16, 2018 Report Share Posted February 16, 2018 I have two versions of Skype - the traditional version and the new version. I don't like the new version as it does not work the way I like to use Skype. My question is 'is the MS store version the 'new ' version of skype or is the traditional version also available'? John JohnTitanium 29EX 29/34 Fifthwheel Link to comment Share on other sites More sharing options...
RV_ Posted February 16, 2018 Author Report Share Posted February 16, 2018 John, I don't know as I don't use Skype much as other messenger programs work better for us. I have heard comments that others have switched since a change to Skype since Microsoft took it over. Microsoft has been doing better than ever for a while now and I hope they aren't dropping the ball again. The MS store version is , according to the article, one version back from the installed at the factory versions in the images that the computer makers use. Maybe another active Skype user can chime in here. RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Chalkie Posted February 16, 2018 Report Share Posted February 16, 2018 Since Microsoft owns Skype now I an somewhat surprised that they have found a way to disable to use of the vulnerable desktop version. Link to comment Share on other sites More sharing options...
RV_ Posted February 17, 2018 Author Report Share Posted February 17, 2018 Chalkie, That one and one in their Edge browser which they tried to fix last Tuesday but failed, are both Microsoft products but Edge is all MS. They say that the fixes for both will be in the March updates for sure, they say . . . Read this: http://www.zdnet.com/article/windows-10-security-google-exposes-how-malicious-sites-can-exploit-microsoft-edge/?loc=newsletter_large_thumb_featured&ftag=TRE-03-10aaa6b&bhid=19724681974700635514865380622813 RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.