NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0403 Skype Patches a Critical Vulnerability:
Skype patched a critical vulnerability that forced it to dump several features from
its VoIP and chat software to prevent attackers from hijacking Windows PCs. In a
security advisory issued Tuesday, Skype said it fixed the underlying flaw publicized
by Israeli researcher Aviv Raff nearly three weeks ago. The vulnerability, which Raff
called a cross-zone scripting bug, could be exploited with rigged video files that
leveraged a security flaw in the way Skype rendered HTML. Users can download the
patched Skype -- Version 3.6.0.248 for Windows -- from the service's web site.
Existing Skype users can update by using the software's "Check for Updates" command
under the Help menu.
(ComputerWorld 05FEB08)