The company downplays the scenario since the targeted system would need to have the speech recognition feature previously activated and configured.
Windows Vista's speech recognition feature can be used by pranksters to remotely force a PC into executing some commands, Microsoft has confirmed, but the company's security team downplayed the threat.
After several security researchers posted messages on mailing lists detailing how a prank could be done -- a malicious Web site, for example, could host an audio file that shouted out commands to shut down the system -- Microsoft's Security Response Center (MSRC) replied in a blog entry Wednesday.
"In order for the attack to be successful, the targeted system would need to have the speech recognition feature previously activated and configured," wrote Adrian Stone, a MSRC program manager. "Additionally the system would need to have speakers and a microphone installed and turned on. The exploit scenario would involve the speech recognition feature picking up commands [from the speaker] through the microphone such as 'copy', 'delete', shutdown', etc. and acting on them."
According to Microsoft, Vista's User Account Control (UAC) feature can't be circumvented by speech commands.
"While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little if any need to worry about the effects of this issue," said Stone.
Symantec, however, warned users that the risk is greater than Microsoft has let on.
"A poster on the Daily Dave mailing [list has] reported that he was able to craft a recording that successfully downloaded and executed a file from the Internet as well as manipulated the file system without requiring user interaction," Symantec said in an alert sent to customers late Wednesday.
Microsoft has not posted a security advisory or offered work-around advice, but users on mailing lists have suggested that Vista owners disable the speech recognition feature's ability to automatically load when the operating system launches.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.