Vista Security Broken - Let Me Speak To Your ComputerBest Security Tips offers daily news, information, advices and tips about spyware, adware, viruses, trojans, web vulnerabilities, hackers, other threats    | Register now | Login
   
TIPS NEWS TOOLS DOWNLOADS MALWARE FORUM BOOKS FREE MAGAZINES FREE WEBCASTS & VIDEOS
Automatically monitor network security event logs - Dld FREE trial!  Bookmark and Share 
Best Tips
Security Scanner
Security Categories
Advertise With Us!
Latest Viruses / Threats
Our Partners
firewall download
Downloads
Windows Security : Vista Security Broken - Let Me Speak To Your Computer
Posted by Max on 2007/2/1 13:00:24 (1773 reads)
Windows Security

Microsoft is inspecting public reports of a probable vulnerability in Windows Vista’s speech recognition feature. Microsoft’s initial investigation discloses that this vulnerability could allow an attacker to use the speech recognition feature in Windows Vista to verbally execute commands on a user’s computer.

The attackers’ instructions are limited to the rights of the logged on user. User Account Control prohibits the attacker from executing any administrative level commands.


In order for an attack to be successful, the user would have to have a microphone and speakers connected to their system. In addition, the user would have had to configure the speech recognition feature. The attackers’ audio exploit (that’s a new!) would then issue verbal commands via the systems speakers that could potentially be carried out by the speech recognition feature.

Based on the initial investigation, Microsoft advises customers take the next actions to protect themselves from potential exploitation of the reported vulnerability:

A user can turn off their computer speakers and/or microphone.
If a user does run an audio file that attempts to execute commands on their system, they should close the Windows Media Player, turn off speech recognition and restart their computer.




Other articles
2010/9/1 14:59:07 - New Acunetix Web Vulnerability Scanner 7 Released !
2010/8/26 4:31:23 - Latest Panda Security Survey
2010/8/25 17:11:47 - NEW August 2010 Symantec MessageLabs Intelligence Report
2010/8/25 17:04:12 - GFI VIPRE Antivirus Earns Gold Level OESIS OK Certification
2010/8/25 16:59:22 - NEW IBM X-Force H1 2010 Report On Global Security
2010/8/24 7:58:12 - Identity Finder Offers Free Identity Protection for College Students
2010/8/24 7:55:18 - ESET NOD32 Antivirus Confident on Southern Africa Security Market
2010/8/24 7:51:10 - Returnil Virtual System Receives Virus Bulletin's VB100 Award
2010/8/24 7:46:57 - SharperLending’s Appraisal Firewall Technology Keeps Appraisers Independent and Lenders Compliant
2010/8/19 11:01:51 - Avalanche Group Phishing Attacks Decrease in Q2 2010 in Favour of Malware Attacks

The comments are owned by the poster. We aren't responsible for their content.