Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

Businesses need to be aware of the implications if attempting to use third-party patches

LONDON – April 18, 2006 – Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX), the worldwide leader in pre-emptive, enterprise security, today issued a warning to businesses that using third-party patches could violate the licence agreements for software installed on their mission-critical systems.

Zero-day vulnerability disclosures, such as the recent Internet Explorer ’CreateTextRange‘ vulnerability, are a huge concern for enterprises because they remain unpatched for a considerable time, thereby giving attackers a window of opportunity to exploit vulnerable systems. This fear has given rise to the release of so-called ’unofficial security patches‘.

“Enterprises can feel pressured into believing that on the balance of risks, applying an unofficial patch is safer than remaining exposed to attack”, said James Rendell, Senior Technology Specialist at Internet Security Systems.

However, applying unofficial patches will likely violate the licence agreements for the software it is applied to, which in turn will render that software unsupported by the vendor.

“The reason why a vendor like Microsoft takes some time to release a hotfix is because they have to ensure quality and system integrity across multiple combinations of Windows service packs, international editions and supported hardware platforms.

The unofficial patches being developed by these third-party organisations are opportunistic PR efforts rather than serious security fixes,” said Gunter Ollmann, director of ISS’ X-Force.

Internet Security Systems’ Virtual Patch technology avoids the risks of unofficial patches by shielding unpatched systems from vulnerabilities without the need to violate licence agreements or void future vendor support by making unapproved modifications to core system software.

The Virtual Patch also provides protection until the official vendor patch can be applied, negating emergency patch nightmares.

Virtual Patch technology safely blocks attacks that attempt to exploit zero-day vulnerabilities at the network layer, but without the risks associated with the installation of unofficial patches.

About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world’s leading businesses and governments, providing pre-emptive protection for networks, desktops and servers.

An established leader in security since 1994, ISS’ integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets.

ISS products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research.

ISS’ product line is also complemented by comprehensive Managed Security Services.

For more information, visit the Internet Security Systems website at or call +44(0)1753 845 100.


Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.


Craig Brophy
Internet Security Systems, Inc.
+44 (0)7818 456 198

This press release was distributed by ResponseSource Press Release Wire on behalf of Internet Security Systems (ISS) in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit