Microsoft researchers said this week that it is unlikely Vista's new voice-recognition component could allow hackers to prompt a machine to download malware.
But, the software giant admitted Wednesday on its Security Response Center blog, it is possible to play an audio file that could permit such actions as "copy," "delete" and "shutdown."
"These commands would be coming from an audio file that is being played through the speakers," Microsoft researcher Adrian Stone said. "Of course, this would be heard and the actions would be visible to the user if they were in front of the PC during the attempted exploitation."
For the attack to be successful, though, users would have to activate the Speech Recognition feature, and the speakers and microphone would need to be functioning, Stone said. Additional obstacles include sound clarity and the placement of the microphone and speakers.
The feature – designed to help the handicapped – could not be used to force the system to perform "privileged functions," Stone said.
The discussion among security enthusiasts heated up this week when Sebastian Krahmer asked on the Dailydave newsgroup whether such an attack might be feasible. One commenter said he was able to delete his whole "My Documents" folder by issuing audio commands, according to published reports.
"While we are taking the reports seriously and investigating them accordingly, I am confident in saying that there is little, if any, need to worry about the effects of this issue on your new Windows Vista installation," Stone said.
Click here to email reporter Dan Kaplan.