Internet Security Systems Preemptively Protects Customers Against Critical Flaw in Microsoft Internet Explorer; Flaw in Internet Explorer Allows Remote Attackers To Obtain Unauthorized Access to Affected Machines

Business Wire, Dec 13, 2005

ATLANTA -- Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) today announced that the company has provided customers with preemptive protection for the Internet Explorer Javascript Window() Object vulnerability addressed by Microsoft in today's monthly security update. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines. Compromise of networks and machines using Internet Explorer may lead to exposure of confidential information, loss of productivity and further network compromise.

This vulnerability was first identified in May 2005 as a low-risk issue that could result in a crash and denial-of-service on Internet Explorer. The issue was deemed critical in November 2005 when it was discovered that the vulnerability could also allow for remote compromise of affected machines. While Microsoft released a patch for this vulnerability today, ISS customers have been protected for three weeks, since the vulnerability was first realized to be critical.

"At ISS we're in the business of protecting our customers ahead of the threat," said Chris Rouland, chief technology officer of Internet Security Systems. "Our rapid response to this Internet Explorer vulnerability serves as yet another example of our dedication to preemptive security."

By focusing on vulnerabilities rather than known exploits, ISS' X-Force(R) research and development team allows ISS to offer security that protects organizations from Internet threats before they impact business assets. By leveraging X-Force security research and ISS' Virtual Patch(TM) technology, ISS' Proventia(R) security products automatically patch vulnerabilities and protect critical assets from Internet attacks until organizations are able to obtain, test and apply patches from affected vendors.

The full ISS X-Force alert on this vulnerability can be found at: http://xforce.iss.net/xforce/alerts/id/209.> Microsoft's security bulletin addressing this vulnerability can be found at: http://www.microsoft.com/technet/security/current.aspx.> For more information on ISS' preemptive protection offerings, please visit: http://www.iss.net/proof/preemptiveprotection/.> About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS' X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.

Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.