Internet Security Systems Pre-emptively Protects Customers Against Critical Flaw in Microsoft Internet Explorer

LONDON – December 14, 2005 – Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) today announced that the company has provided customers with pre-emptive protection for the Internet Explorer Javascript Window() Object vulnerability addressed by Microsoft in yesterday’s monthly security update. Successful exploitation of this vulnerability could be used to gain unauthorised access to networks and machines. Compromise of networks and machines using Internet Explorer may lead to exposure of confidential information, loss of productivity and further network compromise.

This vulnerability was first identified in May 2005 as a low-risk issue that could result in a crash and denial-of-service on Internet Explorer. The issue was deemed critical in November 2005 when it was discovered that the vulnerability could also allow for remote compromise of affected machines. While Microsoft released a patch for this vulnerability today, ISS customers have been protected for three weeks, since the vulnerability was first realised to be critical.

“At ISS we’re in the business of protecting our customers ahead of the threat,” said Chris Rouland, chief technology officer of Internet Security Systems. “Our rapid response to this Internet Explorer vulnerability serves as yet another example of our dedication to pre-emptive security.”

By focusing on vulnerabilities rather than known exploits, ISS’ X-Force® research and development team allows ISS to offer security that protects organisations from Internet threats before they impact business assets. By leveraging X-Force security research and ISS’ Virtual Patchâ„? technology, ISS’ Proventia® security products automatically patch vulnerabilities and protect critical assets from Internet attacks until organisations are able to obtain, test and apply patches from affected vendors.

The full ISS X-Force alert on this vulnerability can be found at:

Microsoft’s security bulletin addressing this vulnerability can be found at:

For more information on ISS’ pre-emptive protection offerings, please visit:

About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS’ X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems website at or call +44(0)1753 845 100.

Don't miss