ZDNet said on Monday that the Skype update installer was affected by a severe bug that could be exploited with a DLL hijacking technique. According to a security researcher, this would allow attackers to gain full control of affected PCs. They also wrote that Microsoft had been informed by this researcher and commented that they would need a large code revision to fix the problem instead of pushing out a fix. We´ve asked Microsoft for clarification and they published the following statement regarding the issue on their forums.
Microsoft Says They´ve Already Fixed Skype and That It´s Fully Secure
Microsoft has commented on reports about a severe security flaw in Skype. The company says, that there indeed was such a problem with the Skype Installer but clarifies that the newest Skype version 8 is not affected anymore and therefore fully secure.
“At Skype, we take security very seriously.There was an issue with an older version of the Skype for Windows desktop installer – version 7.40 and lower. The issue was in the program that installs the Skype software – the issue was not in the Skype software itself. Customers who have already installed this version of Skype for Windows desktop are not affected. We have removed this older version of Skype for Windows desktop from our website skype.com.
The installer for the current version of Skype for Windows desktop (v8) does NOT have this issue, and it has been available since October, 2017.”