“In contrast, Microsoft immediately restricted access to its MSN Messenger instant messaging (IM) service in 2005 when it discovered a vulnerability in its IM client. Only users with an updated and nonvulnerable [sic] client were allowed to access the service, which meant Microsoft essentially performed the vulnerability management process on behalf of businesses. Skype provides no such protection,” Orans added.
Although Gartner has previously recommended that enterprises stay away from Skype, Orans repeated the advice in his note. “The most secure option is to block Skype traffic completely,” he said. “However, if after weighing the risks, a business decides to allow Skype use, it should actively manage version control of Skype client — and its distribution to authorized users — using configuration management tools.”
http://www.informationweek.com/news/showArticle.jhtml;jsessionid=HCZC5RR34UIFSQSNDBCSKH0CJUMEKJVN?articleID=188700351