ISSX Internet Security Systems

Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX), the worldwide leader in preemptive, enterprise security, today announced that it has discovered and provided preemptive protection for critical flaws in the Microsoft Domain Name System (DNS) client since February 2006. ISS is providing customers with security content and protection for all of the vulnerabilities disclosed by Microsoft today, including a flaw in the Microsoft Server Service, which X-Force predicts could soon be used by attackers to create an Internet worm. "The Microsoft DNS client flaws discovered by X-Force are of particular concern because the vulnerable DNS client is installed on all current Windows platforms," said Alain Sergile, technical product manager of X-Force, the research division of Internet Security Systems. "Through these vulnerabilities, an attacker can answer a DNS query with a malicious response, triggering a heap corruption and gaining complete, unauthorized control of an affected machine." The Microsoft DNS client is an internal library supplied with Windows that is used to resolve domain names to IP addresses. X-Force has discovered three separate vulnerabilities in the DNS code. "In addition to paying particular attention to the DNS flaws, ISS advises organizations to place priority on patching the Microsoft Server Service," said Gunter Ollmann, director of ISS X-Force. "Because the service runs by default on Windows machines, and a successful compromise of an affected version leaves the attacker in complete control of the targeted host, this type of vulnerability is traditionally a common vector for worm exploitation." The Microsoft Server Service provides basic Windows networking services such as file and printer sharing. Through the flaw announced by Microsoft today, it is vulnerable to remote code execution. The unique intelligence of X-Force is infused into all ISS products and services, including the company's Virtual Patch(R) technology, enabling the company to preemptively protect customers from the world's most dangerous security events before impact. Since its inception in 1997, X-Force has consistently rivaled independent researchers and other security vendors with its cutting-edge vulnerability discoveries. Further details on these vulnerabilities and ISS' discoveries can be found in the ISS X-Force advisories and alert at: http://xforce.iss.net/ Microsoft's security bulletin addressing these issues can be found at: http://www.microsoft.com/technet/security/current.aspx About Internet Security Systems, Inc. Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, the ISS Proventia(R) integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. The ISS product line is complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362. Internet Security Systems is a trademark and X-Force, Virtual Patch and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.