Original URL: http://www.theregister.co.uk/2002/02/17/ms_bug_busting_tool/
MS bug busting tool is buggy
Trusted Computing, anyone?
Posted in Business, 17th February 2002 21:45 GMT
A design flaw in a security tool which comes with Microsoft's development tools could explain why its applications continue to be subject to buffer overflow attacks.
Executable code built by using Microsoft's Visual C++.NET and Visual C++ version 7 compiler is vulnerable to a buffer overflow attack, software risk management firm Cigital reports.
So a security feature designed to provide bug-free code is itself subject to exactly the same kind of bug it's supposed to prevent. Developers who use the tool have a false sense of security, according to Cigital, which recommends additional testing procedures.
Microsoft is evaluating the problem which, combined with a monster patch for Internet Explorer and the spread of 'Cool Worm', a relatively benign but effective Internet worm which attacked users of Microsoft's MSN Messenger service, caps a difficult week in Redmond's push to gain user trust in its software. ®
External links
Cigital Warns of Security Flaw in Microsoft .NET Compiler (http://www.cigital.com/news/mscompiler.html)
Related stories
MSN Messenger worm entices the unwary (http://www.theregister.co.uk/content/55/24059.html)
MS issues monster IE security fix (http://www.theregister.co.uk/content/55/24027.html)
Charney an ominous MS pick (http://www.theregister.co.uk/content/55/24029.html)
MS taunted with 'trustworthy computing' Web page (http://www.theregister.co.uk/content/55/23966.html)
MS declares programming moratorium - report (http://www.theregister.co.uk/content/55/23922.html)
What Billg's new security effort will cost (http://www.theregister.co.uk/content/archive/23791.html)
MS' highest priority must be security - Billg (http://www.theregister.co.uk/content/4/23715.html)
