Here’s something you don’t hear every day; Microsoft is stating that a speech recognition hack that would supposedly allow people to run commands with administrative privileges is not serious… and security experts seem to be agreeing! I don’t think it’s very common for both Microsoft and security experts to be agreeing on the criticality of OS vulnerabilities…

According to security researchers, Windows Vista’s speech-recognition feature is flawed and hackers could use it to remotely force a PC to execute commands.

Microsoft confirmed the vulnerability on Wednesday — a day after the consumer launch of the new operating system — when security researchers began offering details on how pranksters could exploit the speech technology. A malicious Web site, for example, could load an audio file that shouts commands to shut down the operating system without the user’s authorization.

While some security researchers believe Vista’s first public flaw is, in fact, serious, Microsoft is downplaying the risk, noting that a targeted system’s speech-recognition feature would need to be configured correctly for the attack to be successful.[more]

Tags: Bugs