Skype容易受到恶意利用：切换到Windows应用商店版本

If the desktop version of Skype is on your Windows computer, you’re vulnerable to a really nasty exploit. A flaw in Skype’s update tool could give attackers full control over your system, and Microsoft says there isn’t going to be a fix any time soon.

如果您的Windows计算机上装有Skype的桌面版本，则您很容易受到真正令人讨厌的攻击。 Skype的更新工具中的缺陷可能使攻击者完全控制您的系统，微软表示不会很快修复。

Happily, you can avoid the problem completely by replacing the “desktop” version of Skype with the one available from the Microsoft Store. Still, it’s embarrassing for Microsoft’s own software to have a weakness this fundamental, and the exploit in question is one Redmond has warned other developers about multiple times.

令人高兴的是，您可以通过使用Microsoft Store中可用的Skype替代“桌面”版本的Skype来完全避免该问题。 尽管如此，微软自己的软件在这个基础上存在弱点还是令人尴尬的，而该漏洞利用是Redmond曾多次警告其他开发人员。

Here’s what this exploit works, and how you can make sure you’re using the safe Windows Store version of Skype.

这是此漏洞利用的工作原理，以及如何确保使用安全的Windows Store版本的Skype。

Skype有什么问题？ (What’s Wrong With Skype?)

Updating software is supposed to keep you secure, but ironically in Skype’s case, updating is the problem. That’s because the flaw here isn’t with Skype itself, but rather the tool Skype uses to find and install updates. This update tool is vulnerable to DLL hjjacking, as researcher Stefan Kanthak outlines:

更新软件应该可以确保您的安全，但是具有讽刺意味的是，在Skype的情况下，更新是问题所在。 这是因为此处的缺陷不是Skype本身，而是Skype用于查找和安装更新的工具。 正如研究员Stefan Kanthak 概述的那样，此更新工具容易受到DLL hjjacking的攻击：

This executable is vulnerable to DLL hijacking: it loads at least UXTheme.dll from its application directory %SystemRoot%Temp instead from Windows’ system directory. An unprivileged (local) user who is able to place UXTheme.dll or any of the other DLLs loaded by the vulnerable executable in %SystemRoot%Temp gains escalation of privilege to the SYSTEM account.

该可执行文件容易受到DLL劫持的影响：它从其应用程序目录％SystemRoot％Temp而不是Windows的系统目录中至少加载UXTheme.dll。 能够将UXTheme.dll或易受攻击的可执行文件加载的任何其他DLL放置在％SystemRoot％Temp中的未特权(本地)用户将特权提升到SYSTEM帐户。

Basically, Skype runs DLLs from the Temp folder, which users can access without administrator rights. This makes it trivial for bad actors to switch out the DLLs and gain system level control over your computer. It’s the kind of vulnerability Microsoft specifically warns developers to avoid, but Microsoft’s Skype team seems to have missed that particular memo.

基本上，Skype从Temp文件夹运行DLL ，用户无需管理员权限即可访问。 这对于不好的参与者而言，关闭DLL并获得对计算机的系统级控制非常简单。 微软特别警告开发人员避免这种漏洞，但微软的Skype团队似乎错过了该备忘录。

And it gets worse. Microsoft told Kanthak they “were able to reproduce the issue,” but there won’t be issuing a patch issued to solve the problem. Instead, Microsoft plans on solving the problem during the next major release of Skype—it’s not clear when that will be.

而且情况变得更糟。 微软告诉Kanthak他们“能够重现此问题”，但是不会发布解决该问题的补丁程序。 相反，Microsoft计划在下一个主要的Skype版本中解决该问题-尚不清楚何时发布。

That’s…not ideal. Thankfully, there’s an alternative.

那不是很理想。 值得庆幸的是，还有另一种选择。

解决方案：使用Windows应用商店版本 (The Solution: Use the Windows Store Version)

Microsoft offers two versions of Skype for Windows: the “Desktop” version, which has been around for ages, and the Universal Windows Platform (UWP) version, which you can download from the Microsoft Store app bundled with Windows. Only the desktop version is vulnerable to this particular exploit, because only the desktop version uses its own update tool.

Microsoft提供了两种Skype for Windows版本：已有很长时间的“桌面”版本和通用Windows平台(UWP)版本，您可以从与Windows捆绑在一起的Microsoft Store应用程序中下载该版本。 因为只有台式机版本使用其自己的更新工具，所以只有台式机版本容易受到此特定漏洞的攻击。

Microsoft has been pushing users to the Microsoft Store version of Skype for a while: the Skype download page directs users to the Store, for example. But many users still have the desktop version on their systems, and they should uninstall that and only use the Store version if they want to stay safe from this exploit.

Microsoft一直将用户推送到Skype的Microsoft Store版本：例如， Skype下载页面将用户定向到Store。 但是，许多用户的系统上仍具有桌面版本，因此，他们应该卸载该版本，并且仅在希望避免受到此漏洞攻击时才使用商店版本。

How can you tell which version you have? The simplest way is to search for “Skype” in the start menu. If you see the words “Trusted Microsoft Store app” below Skype’s name, you’re probably covered.

你怎么知道你有哪个版本？ 最简单的方法是在开始菜单中搜索“ Skype”。 如果您在Skype名称下方看到“受信任的Microsoft Store应用程序”字样，则可能会被覆盖。

The two apps also look completely different. Here’s the “desktop” version:

这两个应用看起来也完全不同。 这是“桌面”版本：

If your Skype looks like this, you’re vulnerable to the exploit. You should uninstall Skype, then download the Microsoft Store version.

如果您的Skype看起来像这样，则很容易受到攻击。 您应该卸载Skype，然后下载Microsoft Store版本 。

Here’s the Microsoft Store version:

这是Microsoft Store版本：

If your Skype looks like this, you’re safe: updates for this version are handled using Microsoft Store, so the vulnerability is not relevant.

如果您的Skype看起来像这样，那么您就安全了：此版本的更新是使用Microsoft Store处理的，因此该漏洞不相关。

It’s unfortunate that Microsoft won’t just patch this vulnerability, but at least there’s a working version of Skype that’s locked down. And while the interface and features of the Microsoft Store version will be an adjustment, things like calling and chat work just fine in our tests, even if the interface offers fewer options. And hey: there’s no ugly ads on the Store version, so that’s a plus.

不幸的是，微软不仅会修补此漏洞，而且至少有一个可用的Skype版本已被锁定。 尽管将对Microsoft Store版本的界面和功能进行调整，但即使界面提供的选项较少，在我们的测试中呼叫和聊天之类的功能也可以正常工作。 嘿：商店版本中没有丑陋的广告，所以这是一个加号。

翻译自: https://www.howtogeek.com/342990/skype-is-vulnerable-to-a-nasty-exploit-switch-to-the-windows-store-version/