Internet Security Systems Shields Customers from Flaws in Internet Explorer and Windows Media Player; ISS Warns That Flaws Could Be Used to Launch Suc
ATLANTA--(BUSINESS WIRE)--June 13, 2006--Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX), the worldwide leader in preemptive, enterprise security, today announced that it is providing preemptive protection for flaws announced today by Microsoft in Internet Explorer and Windows Media Player. ISS deems five of these issues to be critical, as they can allow for remote code execution if an unsuspecting user clicks on a malicious Web page or file.
"Of particular concern is that some of the flaws in Internet Explorer can also be exploited through the preview pane in Microsoft Outlook, making them susceptible to the creation of an e-mail worm," said Alain Sergile, technical product manager for ISS' X-Force(R) research and development team. "As for the Windows Media Player vulnerability, X-Force predicts that it will be leveraged by attackers to launch targeted attacks on specific individuals or corporations. By simply enticing a user to download a malicious file and view it using Windows Media Player, attackers could very easily obtain unauthorized access to a network."
One of the critical vulnerabilities announced in Internet Explorer today involves the rendering of Web pages within Internet Explorer through mshtml.dll. This vulnerability is of particular concern since it can be exploited simply by causing a user to view a malicious HTML page through the Microsoft Outlook preview pane, which attackers could leverage for the creation of an e-mail worm.
Two of the other vulnerabilities announced by Microsoft today in Internet Explorer affect ActiveX, a Microsoft technology that allows for the integration of components such as sound and animations into a Web page. Exploitation of these flaws is possible via a specially crafted Web page.
The last critical vulnerability in Internet Explorer concerns HTML Style Tags. By creating a malicious HTML file with many Style Tags, an attacker can force Internet Explorer to execute arbitrary code.
The vulnerability in Windows Media Player involves the program's handling of Portable Network Graphics (PNG) image files. Attackers may host malformed PNG files on Web servers such that they will be opened by Windows Media Player when unsuspecting users click on them, leading to exploitation.
Successful exploitation of any of these vulnerabilities could be used to obtain unauthorized access to networks and machines, leading to exposure of confidential information, loss of productivity and further network compromise.
ISS is providing preemptive protection for these flaws. Through its unique Proventia(R) protection platform and Virtual Patch(TM) technology, ISS protects against vulnerabilities rather than known exploits to shield businesses from attack ahead of the threat. ISS' preemptive approach to security is based on the vulnerability research conducted by the company's X-Force research and development team, the unequivocal world authority on vulnerability and threat research.
Further details on these vulnerabilities can be found in the ISS X-Force alerts at: http://xforce.iss.net/xforce/alerts
Microsoft's security bulletin addressing these issues can be found at: http://www.microsoft.com/technet/security/current.aspx
About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, ISS' integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. ISS' product line is also complemented by comprehensive Managed Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.
Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.