Citadel Security Software Announces Remediation Alert for Latest Microsoft Vulnerability
Hercules Offers Remediation Signature for the Microsoft MSN Chat Vulnerability

DALLAS, TEXAS, May 9, 2002 - Citadel Security Software, Inc. (OTCBB: CDSSV) announced today that Hercules, the Company's vulnerability remediation system, has made available the remediation signature for helping Microsoft users automatically repair this vulnerability. Hercules allows organizations to automate the vulnerability remediation process in a matter of minutes.

The latest threat against Microsoft MSN Chat makes users vulnerable to being exploited by attackers. The vulnerability known as the - "MSN Messenger Buffer Overflow (MS02-022)", once exploited, allows attackers to supply malicious code and gain access to any system that has the Microsoft MSN Chat Control application installed.

The vulnerability is described as a "buffer overflow" which allows an attacker to exploit a system allowing the attacker to overwrite programs to possibly lower security policy settings, lowering the system security, which could create havoc by generating more vulnerabilities.

In addition, all users that have Internet Explorer are susceptible to this same vulnerability. An attacker could simply invite users to visit a specific website and convince the user to accept and install the Microsoft Chat Control when offered.

Further information about Citadel Security Software and its products can be accessed at its web site, www.citadel.com.

About Citadel Security Software

Citadel Security Software develops, markets and licenses computer security and privacy software for one of the fastest growing segments today -- security "inside the firewall." These products enable companies to enforce security policies from a single point of control across all Windows and NetWare platforms. Citadel Security software remediates vulnerabilities and secures confidential information, applications, and systems from unauthorized access, worms, and other security vulnerabilities. The products specifically enforce policies mandated by HIPAA and Gramm-Leach-Bliley legislation for the health care and financial industries. Citadel's clients include IBM Global Services, Washington Mutual, Merrill Lynch, the U.S. Navy and several large health care companies.

Further information about Citadel Security Software and its products can be accessed at its web site, www.citadel.com.

About CT Holdings

CT Holdings, Inc develops and markets its Citadel Security Software line of desktop and network security software, and also acts as a developer of early stage companies, including Citadel Security Software, Parago, River Logic and Encore Telecommunications.

Safe Harbor/Forward-looking Statements:

Except for the historical information contained herein, this news release contains forward looking statements that are subject to risks and uncertainties, including risks associated with the distribution, underlying assumptions or expectations related to the spin-off transaction proving to be inaccurate or unrealized, the timing of the Securities and Exchange Commission's review of the registration statement on Form 10-SB, the uncertainty of general business and economic conditions, unexpected developments and outcomes in the company's legal proceedings, lack of Citadel Security Software operating history, and the uncertainty of profitability of Citadel Security Software. These and other risks are detailed from time to time in CT Holdings' SEC reports, including the report on Form 1O-KSB for the year ended December 31, 2000 and its most recent Form 10-QSBs, as well as in the Registration Statement on Form 10-SB, filed by Citadel Security Software in connection with the proposed distribution.