Internet Security Systems Protects Customers Against Microsoft TNEF Vulnerability Ahead of the Threat

ONDON – January 11, 2006 – Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) today announced that the company has pre-emptively protected customers from the TNEF email format flaw addressed in Microsoft’s monthly security bulletin. This vulnerability is the result of improper processing of TNEF-encoded email attachments and can lead to remote attacks on Microsoft Exchange, Microsoft Outlook and Microsoft Office Multilingual User Interface Packs.

TNEF is the format used by Microsoft to encode rich-text emails. The text of the message is sent as the body, while the rich-text formatting is sent as a TNEF-encoded attachment. Attackers can therefore obtain remote control of machines affected by this vulnerability simply by sending a corrupted email formatted with TNEF to designated targets.

Due to the criticality of Microsoft Exchange and Outlook to most corporations, ISS’ X-Force® research and development team has deemed this vulnerability to be very serious, since exploitation of this flaw can be used to launch a denial-of-service attack that causes Exchange to crash. Even more significantly, ISS’ X Force expects that many criminal organisations could use this flaw to grow their bot networks for use in future cyber-crime endeavours.

“Because this flaw is affecting such a critical piece of technology for most of corporate America, ISS believes that many organisations will spend a significant amount of time testing Microsoft’s patch before it is deployed,” said Alain Sergile, technical product manager of ISS X-Force. “Therefore, with the exception of organisations that have deployed intrusion prevention systems, many companies will remain open to exploitation until patched, which could take some organisations weeks. This will significantly increase the hacker community’s opportunity to create working exploits for this flaw, which can be initiated through a simple email to an affected organisation.”

ISS customers are pre-emptively protected from the TNEF flaw. By focusing on vulnerabilities rather than known exploits, X-Force allows ISS to offer security that protects organisations from Internet threats before they impact business assets. By leveraging X-Force security research, a multi-layered security approach and ISS’ Virtual Patchâ„? technology, ISS’ Proventia® security products automatically patch vulnerabilities and protect critical assets from Internet attacks until organisations are able to obtain, test and apply patches from affected vendors. Also key to ISS’ pre-emptive protection strategy is the company’s buffer overflow exploit prevention technology, which protects hosts from attackers and worms that attempt to use known or previously unknown buffer overflow attacks to exploit the system or propagate.

The ISS X-Force alert on this vulnerability can be found at:

ISS strongly advises that companies apply the official Microsoft patch for this vulnerability. Microsoft’s security bulletin addressing this vulnerability can be found at:

About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS’ X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems website at or call +44(0)1753 845 100.


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss