Microsoft Security Patch Said To Be Ineffective


A Microsoft program designed to plug a common security hole is vulnerable to the very attack it was designed to prevent, the Wall Street Journal alleged in a report on Thursday, citing a prominent security consulting firm.

Last month Microsoft Chairman Bill Gates announced a company-wide initiative to improve the security features of its products.

Microsoft on Wednesday unveiled a collection of programming tools, including a new version of a special-purpose program that it modified to try to prevent a common hacker attack called buffer overflows, the Journal said.

Researchers at Cigital, of Dulles, Va., found that Microsoft apparently adopted a technique that has been used with the Linux operating system and shown to be vulnerable to attack, the Journal said.

As a result, the program, called Visual C++.Net, could lead programmers to write even more programs that are vulnerable to buffer-overflow attacks, the Journal alleged.

Microsoft was not immediately available to comment.

Copyright 2002 Reuters Limited. All rights reserved.

Republication or redistribution of Reuters content, including by framing or similar means, is expressly prohibited without the prior written consent of Reuters.

Reuters shall be not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.