
First flaw found in Microsoft Vista


Friday, February 2, 2007
Hackers have once again managed to uncover Microsoft Vista flaws that could allow remote attackers to take advantage of the operating system's speech recognition feature.

The potential security hole was discovered after an online discussion prompted blogger George Ou to try out a speech-based hack. Ou reported on ZDNet that he was able to access the Vista Start menu and, conceivably, run programs using voice commands played over the system's speakers.

Microsoft has said that the exploit was "technically possible" but there was no need to worry. The company has admitted that speech recognition features in Vista could be hijacked so that a PC tells itself to delete files or folders. Vista can respond to vocal commands, and concern has been raised about malicious audio on websites or sent via email.

Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable. In one scenario outlined by users, an MP3 file of voice instructions was used to tell the PC to delete documents.

"The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete', 'shutdown', etc. and acting on them," a Microsoft security researcher wrote on the team's official blog.

The firm has pointed out that for the flaw to be exploited, the speech recognition feature needs to be activated and configured, and both microphone and speakers switched on. The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.

So far, the company has not posted a security advisory or offered work-around advice, but users on mailing lists have suggested that Vista owners disable the speech recognition feature's ability to automatically load when the operating system launches.

Customers who believe they have been shout-hacked can contact Microsoft Product Support Services, the company has said.

By: DocMemory
Copyright © 2023 CST, Inc. All Rights Reserved