Information Technology Services

Vulnerability in Skype fixed by software update

ALARM Group ALERT - click for a description of ALARM, The Computing Alert System

Alert Number: 121007-01
Alert Date: 12/10/07
Alert Title: Vulnerability in Skype fixed by software update
Update-to: None.
OS/Platform/Application: Skype for Windows (all versions older than version 3.6.0.216)
Category: ALERT
Severity: MEDIUM
Attention: Skype Users

Summary: Multiple Internet Security-Related Agencies are currently reporting the existence of a vulnerability in Skype that could result in arbitrary code execution on a vulnerable computer system. The most likely vector of exploit would be the visitation of a maliciously-crafted website by an unknowing user. This vulnerability is rated as "highly critical" by at least one Security Agency at this time.

Recommended Actions: An updated version of Skype (version 3.6.0.216) is available to address this vulnerability. Skype users are encouraged to apply the upgrade immediately as per the instructions provided by the vendor.

Readers are encouraged to share this alert with family, friends, and associates who may use Skype on their home PCs.

ITS Actions: At this time, ITS is taking no specific additional actions to address this software update release.

Resources:

Skype Download Page:
http://www.skype.com/download/skype/windows/

Zero Day Initiative Advisory:
http://www.zerodayinitiative.com/advisories/ZDI-07-070.html

Secunia Advisory:
http://secunia.com/advisories/27934/

Information Technology Services University at Albany, SUNY 1400 Washington Avenue Albany, NY 12222 ITS Service Centers: 518-442-4000	University at Albany Home Page Contact UAlbany \| Directories \| Calendars \| Visitors \| Site Index \| Search Admissions \| Academics \| Research \| IT Services \| Libraries \| Athletics
Internet Privacy Policy IT Policies