Menu
Microsoft Speech hit by serious flaws

Microsoft Speech hit by serious flaws

Microsoft's speech-control engines have been hit by major security flaws, according to researchers.

Microsoft Speech is the company's software for voice recognition and text-to-voice, a technology the company is modernising with the acquisition of Tellme Networks a month ago. Besides allowing visually impaired users to interact with Windows, the technology is designed to run automated telephone response systems.

The ActiveX controls used by Microsoft Speech version 4.0a to interact with Internet Explorer, xlisten.dll and xvoice.dll, could be exploited by a specially crafted ActiveX object triggering memory corruption, according to researchers. This corruption could allow attackers to take full control of a victim's system, according to Fortinet, which discovered the xvoice.dll bug.

The controls are used by Internet Explorer 7 and older versions.

According to some industry observers, such vulnerabilities -- affecting client-side software rather than servers -- are becoming the primary target of attackers.

"We're in the midst of a revolution as attackers shift their focus from gaping server side vulnerabilities, which are becoming increasingly rare, to stealthy client side holes that make phishers salivate," said SPI Dynamics security evangelist Michael Sutton in a blog post. "This month's patches illustrated that we need to focus our efforts on better securing client side applications as there is a plethora of holes ripe for exploitation."

The bug was one of the many critical flaws patched with Microsoft's monthly security update on Tuesday. The update included a large number of critical flaws, including the first Vista-only patches, and security experts haven't come to a consensus on which should be patched first.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.‚Äč

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments