A security flaw in a compiler included in Microsoft's .Net developer tools may leave systems vulnerable to attack.
Researchers at software risk management provider Cigital said that Microsoft's Visual C++ .Net and Visual C++ version 7 compiler could lead programmers to write even more programs that are vulnerable to buffer overflow attacks.
Because the protection mechanism itself is susceptible to a buffer overflow attack, developers who make use of the feature may come away with a false sense of security and unintentionally discount critical implementation programs, said Cigital CTO Gary McGraw.
"There is no 'just add water' solution for software and application security, especially at the design level," he said.
According to McGraw, the fact that even security features such as Microsoft's broken buffer overflow protection mechanism fall prey to security problems "demonstrates the challenge we face."
As the latest flaw is in a tool for developing software, Cigital recommended developers find other ways besides this feature to check that their software is secure.
Microsoft spokesman Jim Desler said the company was in the process of investigating the report.