MS bug busting tool is buggy
Trusted Computing, anyone?
A design flaw in security tool which comes with Microsoft's development could explain why itss applications continue to be subject to buffer overflow attacks.
Executable code built by using Microsoft's Visual C++.NET and Visual C++ version 7 compiler is vulnerable to a buffer overflow attack, software risk management firm Cigital reports.
So a security feature designed to provide bug free code is itself subject to exactly the same kind of bug it's supposed to prevent. Developers who use the tool have a false sense of security, according to Cigital, which recommends additional testing procedures.
Microsoft is evaluating the problem which ,combined with a monster patch for Internet Explorer and the spread of 'Cool Worm', a relatively benign but effective Internet worm which attacked users of Microsoft's MSN Messenger service, caps a difficult week in Redmond's push to gain user trust in its software. ®
MSN Messenger worm entices the unwary
MS issues monster IE security fix
Charney an ominous MS pick
MS taunted with 'trustworthy computing' Web page
MS declares programming moratorium - report
What Billg's new security effort will cost
MS' highest priority must be security - Billg