"PC, root thyself."

It may not be that easy, but users of Windows Vista may have to watch out for malicious audio files.

Prompted by a posting on a security mailing list, security experts investigated and confirmed that a computer running Microsoft's latest operating system, Windows Vista, could have system commands activated by audio files running on a Web site. While Microsoft implementation of least privilege settings for users mean that most harmful commands would have to somehow bypass Vista's User Account Control, basic commands could still delete documents on a user's PC without requiring a password, according to ZDNet information-technology blogger George Ou.

"I tested this scenario and it works," Ou wrote on the DailyDave security mailing list. "Yes you need to actually catch the user off-guard and they would have had to turn on speech recognition at some point which then autoloads speech in Vista from that point on. This does not require user interaction other than clicking on a URL to visit a website and this does not trigger UAC security warnings."

Other security experts and Microsoft have both confirmed the issue. Microsoft noted that the vulnerability has significant pre-conditions before anyone could exploit the issue.

"In order for an attack to be successful, the user would have to have a microphone and speakers connected to their system," the software giant stated in an advisory sent to SecurityFocus. "In addition, the user would have had to configure the speech recognition feature."

The audio trick is a--mainly humorous--misstep for Microsoft's initiative to lock down the Windows Vista operating system, which launched on Monday. For the most part, security researchers have given the operating system high marks for its improved security. However, the software giant has still not fixed a reported flaw in the operating system found in December.

Microsoft stressed that User Access Control, a feature of Windows Vista that requires a user to enter a password to do many administrative tasks, severely limits any threat from voice commands.



securityfocus.com