A Microsoft Corp. MSFT.O program designed to plug a common security hole is vulnerable to the very attack it was designed to prevent, the Wall Street Journal alleged in a report on Thursday, citing a prominent security consulting firm.
Last month Microsoft Chairman Bill Gates announced a company-wide initiative to improve the security features of its products.
Microsoft on Wednesday unveiled a collection of programming tools, including a new version of a special-purpose program that it modified to try to prevent a common hacker attack called buffer overflows, the Journal said.
Researchers at Cigital, of Dulles, Va., found that Microsoft apparently adopted a technique that has been used with the Linux operating system and shown to be vulnerable to attack, the Journal said.
As a result, the program, called Visual C++.NET, could lead programmers to write even more programs that are vulnerable to buffer-overflow attacks, the Journal alleged.
Microsoft was not immediately available to comment.