Yesterday, Skype reacted to reports of security vulnerabilities in its product by releasing software updates and widely circulating information about how to resolve the problem. Skype users may download the upgrade free of charge from Skype's website, [http://www.skype.com](http://www.skype.com).

Skype's engineering team has worked hard to ensure our products are safe and reliable. The updates were needed in order to fix two software problems, one of which can render a user vulnerable to a malicious attack if the user is duped into following web hyperlinks that are specially crafted to cause unwanted software to run.

Skype proactively discloses and rates security issues when they arise so that its customers have the latest information about its software. In addition, Skype participates as a member in the international [Forum of Incident Response and Security Teams](http://www.first.org/), a global body that allows for rapid interchange of information among software vendors, government, business and network operators.

Skype uses industry-standard vulnerability notification schemes, such as the Common Vulnerability and Exposures (CVE) system ([http://cve.mitre.org/](http://cve.mitre.org/)) and voluntarily participates in the Common Vulnerability Scoring System (CVSS) ([http://www.first.org/cvss/](http://www.first.org/cvss/)) which helps users rate the seriousness of vulnerabilities reported by a vendor.

For more info about Skype security and for all Skype Security Bulletins, see [Skype security resource center](http://www.skype.com/security/).