Not open for further replies.

Microsoft is investigating public reports of a possible vulnerability in Windows Vista’s speech recognition feature. Microsoft’s initial investigation reveals that this vulnerability could allow an attacker to use the speech recognition feature in Windows Vista to verbally execute commands on a user’s computer. The attackers’ commands are limited to the rights of the logged on user. User Account Control prohibits the attacker from executing any administrative level commands.

In order for an attack to be successful, the user would have to have a microphone and speakers connected to their system. In addition, the user would have had to configure the speech recognition feature. The attackers’ audio file would then issue verbal commands via the systems speakers that could potentially be carried out by the speech recognition feature. Based on the initial investigation, Microsoft recommends customers take the following action to protect themselves from potential exploitation of the reported vulnerability:

A user can turn off their computer speakers and/or microphone.
If a user does run an audio file that attempts to execute commands on their system, they should close the Windows Media Player, turn off speech recognition and restart their computer.
Microsoft will continue its investigation and will provide additional guidance and mitigation to further help protect customers as necessary. Upon completion of this investigation, Microsoft will take further action to help protect our customers.


George Ou after receiving this response says:

This pretty much confirms what I've been saying all along and I had recommended that Vista users do not leave their Speech Recognition feature unattended. However, good security defenses should never rely on user action to prevent exploits. It is my belief that Microsoft should filter out sounds coming from the computer which makes its way back in to the system via Microphone before it gets processed by the Speech Recognition engine as the long term solution. A short term solution is for Microsoft to implement keywords like Apple which allows a user to select a unique word to say to unlock a speech recognition engine. At this point in time, Microsoft will not commit to a patch and are still investigating the issue.

I've also done some further experimentation that this exploit can be very nasty even if it can't execute with administrative privileges or bypass UAC. I have verified that I can create a sound file that can wake Vista speech recognition, open Windows Explorer, delete the documents folder, and then empty the trash. Then we have to consider the fact that people do leave many webpages open over night and some of those may have rotating flash ads that can play sounds. If that's not a serious exploit, I don't know what is. One can always rebuild system files by reinstalling the Operating System, data files can't be recovered since the vast majority of people don't backup.


You gave been GXified
So, With UAC On

1) Download the audio file

2) Execute it

3) Give it permission to run

4) Give it permission to write to system folder

5) Give it permission to access the mic port

Ya right, my computer is hacked

With UAC off, well.....those who turn UAC off know how to prevent the computer anyway
Last edited:
Not open for further replies.
Top Bottom