The new Skype looks much like a child who swallowed far too many Halloween candies and happened to be facing a monitor during the inevitable outcome; a feature not many requested.  Also gone is the ability to program your own add-ins and apply them to Skype to enhance recording and a variety of other features which made the product useful.  Microsoft ended that when they took Skype over, however they offer some other less popular features.   One such is a vulnerability which allows the unsecure update process to be used to inject nasty DLLs to give SYSTEM level access to an attacker.  From what The Inquirer has been able to find out, Microsoft will not be releasing a patch for vulnerable versions but will instead release a new version at some point, without the vulnerability baked in. 

Conspicuosly absent from this discussion was the soon to be Team-ed Skype for Business which may or may not feature this particular problem.  As it updates through Office 365 it should be safe, but not many security execs are satisifed by 'should'.

"Long story short – there's so much code that would need to be rewritten that it isn't worth it to Microsoft to shore-up this version. What's not quite clear is whether this affects the grotesque UWP version of Skype or just the old desktop version."

Here is some more Tech News from around the web:

Tech Talk