Gartner warns on Skype vulnerability

Businesses using the popular voice over IP application Skype should make sure employees are logging on with the latest version, according to analyst house Gartner.

A recent vulnerability in the software allows an attacker to steal a file from a victim's PC, provided the victim has visited a malicious Web site and the attacker knows the file's location.

The latest version of Skype fixes this security hole but the software does not require users to upgrade before placing VoIP calls or sending instant messages — thus, warns Gartner, businesses could be putting company data at risk by allowing employees to use a vulnerable version of the software.

Gartner analyst Lawrence Orans said in a research note: "Because the Skype client is a free download, it is widely used and most businesses have no idea how many Skype clients are installed on their systems or how much Skype traffic passes over their networks."

The most secure option, according to Gartner, is to block all Skype traffic on the corporate network.

If businesses want to allow Skype use, though, Gartner suggests keeping a close eye on which versions employees are using.

Orans said: "If after weighing the risks, a business decides to allow Skype use, it should actively manage version control of the Skype client — and its distribution to authorised users — using configuration management tools."