Internet Security Systems Pre-emptively Protects Customers Against Windows Meta File (WMF) Exploits

LONDON – January 6, 2006 – Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) today announced that the company pre-emptively protected customers from the latest Windows Meta File vulnerability patched yesterday by Microsoft. Before this vulnerability was announced, customers of ISS’ host-based security products were shielded from it by the company’s buffer overflow exploit prevention technology.

Using a multi-layered security approach and unique Virtual Patch™ technology, which allows companies to protect against software flaws before affected vendors release patches, ISS was also able to provide customers with network-based protection for this vulnerability when it was first announced. With a multi-layered security solution including intrusion prevention, anti-virus and buffer overflow protection, ISS is the only security vendor that has been able to provide companies with effective protection for this vulnerability in the absence of a patch from Microsoft.

“With so many unpatched machines open to exploitation for over a week, we expect that the repercussions of this issue will be quite serious,” said Chris Rouland, chief technology officer of Internet Security Systems. “Due to the ease with which this flaw can be exploited, the hacker world has no doubt been using it as a means to grow existing bot networks to perpetuate future crimes and offences such as targeted DoS attacks, Trojan and spyware propagation, identity theft and corporate espionage.”

The Windows Picture and Fax viewer is the default application used to handle files with the .wmf extension in most Microsoft Windows operating systems. Windows installations are vulnerable to this flaw in their default configurations. Although an attack on this vulnerability requires some level of user interaction, it is possible to trick users into following hyperlinks or opening malicious attachments that contain exploit material. Other methods of attack may also be employed, such as embedding the link in JavaScript or some other method that will automatically download the file without the user’s knowledge. Successful exploitation of the flaw would grant an attacker the privileges of the user viewing the image, up to and including administrative privileges.

In addition to the Windows Picture and Fax viewer, ISS’ X-Force® research and development team has discovered additional attack vectors for applications including Microsoft Word, Excel, PowerPoint, Access and Publisher. Microsoft Office documents as well as other formats like Macromedia Flash have been confirmed vulnerable and are likely to be used as malicious code delivery vehicles. This vulnerability, complete with multiple infection vectors, has been observed in the wild and is known to be used in several worms and in spyware.

By focusing on vulnerabilities rather than known exploits, X-Force allows ISS to offer security that protects organisations from Internet threats before they impact business assets. By leveraging X-Force security research, a multi-layered security approach and ISS’ Virtual Patch technology, ISS’ Proventia® security products automatically patch vulnerabilities and protect critical assets from Internet attacks until organisations are able to obtain, test and apply patches from affected vendors.

The ISS X-Force alerts on this vulnerability can be found at:

ISS strongly advises that companies apply the official Microsoft patch released today. Microsoft’s security bulletin addressing this vulnerability can be found at:

For more information on ISS’ pre-emptive protection offerings, please visit:

About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS’ X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems website at or call +44(0)1753 845 100.
