'

For this Skype vulnerability fix note to FINALLY get posted, it takes a Villu

Luv her or not, that was a play on Hillary Clinton's old "it takes a village to raise a child."And "Villa" refers to Villu Arak, one of Skype's corporate bloggers.

skype36vul.jpg

Luv her or not, that was a play on Hillary Clinton's old "it takes a village to raise a child."

And "Villa" refers to Villu Arak, one of Skype's corporate bloggers.

OK, after you pick up your laughing self off the floor - or not-:

Hey, guess what.

About a month ago, Skype experienced an arbitrary code vulnerability exploit that would rear its ugly head when the user visited a malicious page.

"The specific flaw exists within the ’skype4com’ URI handler created by Skype during installation," reported an advisory from TippingPoint’s Zero Day Initiative. "When processing short string values through this handler an exploitable memory corruption may occur which can result in arbitrary code execution under the context of the current user."

The problem was fixed with a patch onNovember 15, but was only reported now.

As my colleague Ryan Naraine notes, Skype’s security team never announced the fix until today, due to what is described as an “unintentional communication oversight.”

“All we can do now is to apologize,” says Skype’s Villu Arak.

Well, duh, Villu.

Well d'oh, Villu.

Which leads to the weighty philosophical question of the day:

Do "duh and d'oh" mean the same thing?

Not that, sorry.

Oh, and what happened to Skype's vaunted bug fix notification system flow?