It has been reported that their could be a possible exploit of Microsoft’s voice recognition software that comes with Windows Vista. In theory a audio file could be used to send commands to a computer which could cause files to be deleted from the system. Notice the word ‘theory’.
But what is even more surprising is the response posted by the Microsoft Security Response Center Blog.
They start with:
“In order for the attack to be successful, the targeted system would need to have the speech recognition feature previously activated and configured.”
Why wouldn’t that feature be activated and configured? Isn’t this one of the new features of Vista?
“Additionally the system would need to have speakers and a microphone installed and turned on.“
I don’t think that would seem to unusual.
“Of course this would be heard and the actions taken would be visible to the user if they were in front of the PC during the attempted exploitation.”
But if the user step away from the computer to answer the phone, or took a bathroom break, or merely left the system on unattended, then no one would be there to stop the attack.
Though it does seem that the exploit would involve most of what Microsoft has stated to occur, I don’t believe that it is beyond the realm of possibilities. Therefore if you are using Vista, it might be a good idea to disable Speech Recognition until Microsoft posts a fix, patch or workaround to the problem.
Check out Microsoft’s full explanation at the link below for complete details.
Response From Microsoft On Exploit.
[tags]vista, exploit, speech, recognition, [/tags]