Researchers speak out about Microsoft Speech flaws

Posted by Mark Raby

Researchers are blasting Microsoft for a critical flaw that could cause a critical attack on users who rely on speech recognition to control their Windows-based computer.

Microsoft Speech version 4.0a, when used in conjunction with Internet Explorer, opens up a severe hole that, when triggered by a malicious ActiveX control, can cause key data to be deleted and allow a hacker to gain remote control of the system.

The vulnerability was patched in Microsoft's security update this week, but security experts say this kind of vulnerability highlights a new trend for hackers.

"We're in the midst of a revolution as attackers shift their focus from gaping server side vulnerabilities, which are becoming increasingly rare, to stealthy client side holes that make phishers salivate," wrote SPI Dynamics' Michael Sutton in a blog posting.