NEW YORK: The brouhaha seems to have ended too soon for Microsoft after the 30 January launch of its Windows Vista operating system. On Wednesday the company had to admit a flaw in the operating system's new speech recognition feature, which allowed remote attacks.
The company said its researchers are investigating reports of the vulnerability, which could allow an attacker to use the feature to run malicious programs using prerecorded verbal commands. It said the exploit was "technically possible" but that there is no cause for concern, as the user would have to activate and configure the speech recognition feature and also switch on the microphone and speakers for a hacker to exploit the flaw. Even when the feature is activated, the user can hear the voice commands issued by the hacker and take immediate action, it added.
Vista's User Account Control (UAC) feature also cannot be circumvented by speech commands, the company said.
Vista users are reported to have tested the flaw and have been able to delete files and empty the trash using voice commands.
Microsoft's Security Response Center said in a blog posting that the company is taking the reports seriously and investigating them accordingly. But there is little if any need to worry about the effects of this issue.
Security services firm Symantec said the flaw is indeed serious. It quoted a blogger as saying he was able to craft a recording that successfully downloaded and executed a file from the internet as well as manipulated the file system without requiring user interaction.
Users can simply disable the speech recognition feature to safeguard against its misuse.