ISSX Internet Security Systems

Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX), the worldwide leader in preemptive, enterprise security, today announced protection for several flaws disclosed by Microsoft affecting Internet Explorer and Windows users. ISS customers have been protected from the two Internet Explorer flaws covered in Microsoft's security update, HTML Application (HTA) and "CreateTextRange," since February 2004 and March 2006, respectively. ISS is also providing product coverage for a flaw announced today in Microsoft Data Access Components (MDAC). Because exploitation of these vulnerabilities requires the user to browse to a malicious Web page, ISS' X-Force(R) research and development team expects that attackers will attempt to lure users via phishing emails. "Unfortunately, computer users still fall for phishing scams at an alarming rate," said Gunter Ollmann, director of ISS' X-Force. "Therefore, while these flaws require some level of user interaction to exploit, it is still crucial for organizations to apply protection for them as soon as possible." Today, Microsoft released a security update for several critical vulnerabilities announced last month that affect Internet Explorer. The first, CreateTextRange, enables an attacker to modify text within an object, eventually allowing for the execution of arbitrary code and compromise of networks and machines. The second, HTA, allows attackers to force a victim to download and execute arbitrary HTML Applications without the user's knowledge, leading to the download and execution of additional malicious files. In the absence of a patch from Microsoft, ISS has provided customers with ahead-of-the-threat protection from these vulnerabilities before any exploits were released in the wild. Through ISS' Virtual Patch technology, companies can automatically shield business assets from attack until they are able to schedule time to apply patches from affected vendors. Microsoft also announced today a flaw in Microsoft Data Access Components. MDAC is a group of Microsoft technologies that interact together to provide programmers a uniform means of developing applications for accessing almost any data repository. MDAC is prevalent in a wide range of Microsoft products including Windows XP, Windows Millennium Edition and Windows Server. Exploitation of this vulnerability also requires users to view a malicious Web page using Internet Explorer. Successful exploitation of any of these vulnerabilities could be used to obtain unauthorized access to networks and machines, leading to exposure of confidential information, loss of productivity and further network compromise. By protecting against vulnerabilities rather than known exploits, ISS keeps organizations ahead of Internet threats. Through a multi-layered security approach, ISS' Proventia(R) security products and services provide organizations with comprehensive protection for IT assets from network to host. ISS products and services are based on the work of its X-Force research and development team. X-Force has discovered more than 50 percent of all critical and high-risk software and infrastructure vulnerabilities uncovered by commercial security research groups from 1998 to 2005. The ISS X-Force alerts on these vulnerabilities can be found at: http://xforce.iss.net/ Microsoft's security bulletin addressing these vulnerabilities can be found at: http://www.microsoft.com/technet/security/current.aspx About Internet Security Systems, Inc. Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, ISS' integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. ISS' product line is also complemented by comprehensive Managed Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362. Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.