ZDNet said on Monday that the Skype update installer was affected by a severe bug that could be exploited with a DLL hijacking technique. According to a security researcher, this would allow attackers to gain full control of affected PCs.
They also wrote that Microsoft had been informed by this researcher and commented that they would need a large code revision to fix the problem instead of pushing out a fix.
We´ve asked Microsoft for clarification and they published the following statement regarding the issue on their forums.
There was an issue with an older version of the Skype for Windows desktop installer – version 7.40 and lower. The issue was in the program that installs the Skype software – the issue was not in the Skype software itself. Customers who have already installed this version of Skype for Windows desktop are not affected. We have removed this older version of Skype for Windows desktop from our website skype.com.
The installer for the current version of Skype for Windows desktop (v8) does NOT have this issue, and it has been available since October, 2017.”
False alarm, but questions remain
The story from ZDNet looks like a false alarm, although their statements aren´t fully wrong. The security-bug simply related to Skype version 7 and by releasing Skype version 8, Microsoft already had fixed the problem.
This is the reason why you cannot download and install the software using an older “light”-installer of Skype which tries to get Skype 7 onto your PC. But the full offline installer of Skype 8 is still available – if you know how to get it. (here the direct link)
This can be a bit difficult if you are using Windows 10 and navigate to the download page of Skype where Microsoft won´t offer you Skype Classic anymore. Only users of previous Windows versions can see the download option for Skype Classic. And even if you manage to download Skype 8 directly, you might end up disappointed afterwards. On newer builds of Windows 10, the installer refuses to proceed as Microsoft wants to promote the new Skype experience which is already integrated in Windows 10.