Microsoft confirmed
the vulnerability on Wednesday -- a day after the consumer launch of the new
operating system -- when security researchers began offering details on how
pranksters could exploit the speech technology. A malicious Web site, for
example, could load an audio file that shouts commands to shut down the
operating system without the user's authorization.
According to the Microsoft Security Response Center (MSRC), a microphone would
have to be installed and the speakers turned on for malicious users to take
advantage of the weakness. "The exploit scenario would involve the
speech-recognition feature picking up commands [from the speaker] through the
microphone such as 'copy,' 'delete,' shutdown,' etc. and acting on them," Adrian
Stone, MSRC program manager, wrote in an MSRC blog post.
Ahh no problem its not like I have speakers and a microphone connected to.... EVERY PC I OWN AND/OR WORK ON!
