A security flaw in a compiler included in Microsoft's .Net developer tools may leave systems vulnerable to attack.
Researchers at software risk management provider Cigital said that Microsoft's Visual C++.Net and Visual C++ version 7 compiler could lead programmers to write even more programs that are vulnerable to buffer overflow attacks.
Because the protection mechanism itself is susceptible to a buffer overflow attack, developers who make use of the feature may come away with a false sense of security and unintentionally discount critical implementation programs, said Cigital CTO Gary McGraw.
"There is no 'just add water' solution for software and application security, especially at the design level," he said.
According to McGraw, the fact that even security features such as Microsoft's broken buffer overflow protection mechanism fall prey to security problems "demonstrates the challenge we face."
As the latest flaw is in a tool for developing software, Cigital recommended developers find other ways besides this feature to check that their software is secure.
Microsoft spokesman Jim Desler said the company was in the process of investigating the report.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago