Microsoft has issued a security advisory concerning a flaw in the speech recognition software within Vista, that could allow remote attackers to delete users’ documents and files.
The Vista security advisory team said, “An issue has been identified publicly where an attacker could use the speech recognition capability of Windows Vista to cause the system to take undesired actions.
“While it is technically possible, there are some things that should be considered when trying to determine what the threat of exposure is to your Windows Vista system.”
In order for the attack to be successful, said the advisory, the targeted system would need to have the speech recognition feature activated and configured.
Additionally the system would need to have speakers and a microphone installed and turned on.
The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as “copy”, “delete”, and “shutdown”, for instance, and acting on them, said Microsoft.
These commands would be coming from a malicious audio file sent via e-mail or downloaded from the web. The commands would be played through the speakers.
The commands would be heard and the actions would be visible to the PC’s owner if they were in front of the PC during the attempted exploitation.
Because of this exploit scenario, said Microsoft, few users would be affected by the threat.
There are speech recognition features also built into Window XP, but the speech features in Vista are designed to be more easily implemented and to offer greater functionality.
Microsoft has told users, “While we are taking the reports seriously and investigating them accordingly, we are confident in saying that there is little if any need to worry about the effects of this issue on your new Windows Vista installation.”
Related article: IT managers say Vista is a 'distraction'
Comment on this article: [email protected]