Internet Security Systems Keeps Customers Ahead of Latest Microsoft Internet Explorer Threat; ISS Tracks and Offers Protection for Microsoft Java Virtual Machine Remote Compromise.

ATLANTA -- Internet Security Systems (ISS) (NASDAQ: ISSX) today announced that it has provided customers protection against a vulnerability in Microsoft Internet Explorer javaprxy.dll, for which Microsoft does not currently offer a patch. This vulnerability is considered to be a serious threat to enterprise organizations due to the widespread use of Internet Explorer and the public availability of exploits for this issue, which could allow an attacker to obtain remote access to and compromise networks and machines. Testing by ISS' X-Force(R) research and development team has revealed that these exploits are successful at reliably compromising vulnerable systems.

Through the Buffer Overflow Exploit Prevention (BOEP) technology in its Proventia(R) Desktop and Server Sensor SR 4.2 and 4.3 products, ISS has been offering preemptive protection for its customers against this vulnerability since it was first uncovered. ISS has also provided customers with additional product updates, ensuring comprehensive protection against this vulnerability in the absence of protection from Microsoft.

Organizations should be aware of the following:

Business Impact -- Through this vulnerability, an attacker could lead a user to a malicious Web site using Internet Explorer or render a malicious HTML page sent by email and trigger a stack-based overflow, leading to arbitrary code execution and remote compromise. Successful exploitation would grant an attacker the privileges of the user viewing the HTML page, up to and including administrative privileges. Compromise of networks and machines using affected versions of Internet Explorer may lead to exposure of confidential information, loss of productivity and further network compromise.

Affected Infrastructure -- Javaprxy.dll is a widely used COM object, used for debugging the Microsoft Java Virtual Machine. In many cases, this dll is widely deployed across large enterprises, and in some cases resides on critical servers and virtually all desktops as part of default installations of Internet Explorer.

Available Protection -- ISS products provide protection from this vulnerability. Other organizations should review the following security advisory from Microsoft: http://www.microsoft.com/technet/security/advisory/903144.mspx

The full ISS X-Force Alert can be found at: http://xforce.iss.net/xforce/alerts/id/198

For more information on Internet Security Systems(TM) preemptive protection offerings, please visit: http://www.iss.net/proof/preemptiveprotection/

About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS' X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.

Internet Security Systems is a trademark and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.