Bill and the Boyz admit their latest money-spinner, Vista, has something of a free speech problem.

There's a security hole on the voice recognition application.

"In order for the attack to be successful, the targeted system would need to have the speech recognition feature previously activated and configured," says Adrian on the Microsoft Security Response Center blog.

"Additionally the system would need to have speakers and a microphone installed and turned on."

Wouldn't that have to be the case if you wanted to use the system?

Not only but also, "The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete', 'shutdown', etc. and acting on them," says the post, going on:

These commands would be coming from an audio file that is being played through the speakers. Of course this would be heard and the actions taken would be visible to the user if they were in front of the PC during the attempted exploitation. It is not possible through the use of voice commands to get the system to perform privileged functions such as creating a user without being prompted by UAC for Administrator credentials. The UAC prompt cannot be manipulated by voice commands by default. There are also additional barriers that would make an attack difficult including speaker and microphone placement, microphone feedback, and the clarity of the dictation.

Meanwhile, "While we are taking the reports seriously and investigating them accordingly I am confident in saying that there is little if any need to worry about the effects of this issue on your new Windows Vista installation," Adrian promises.

Do they look like famous last words to you?

. Slashdot it!

Also See:
blog - Issue regarding Windows Vista Speech Recognition, January 31, 2007